Impact
The vulnerability is a memory corruption flaw in the GV-Cloud component of GeoVision GV-VMS version 20.0.2. A specially crafted network packet can overflow a buffer, triggering a denial of service. Because the attacker can forge a request that mimics the legitimate server, the flaw can be invoked remotely over the network, leading to an interruption of service for users relying on the video management platform.
Affected Systems
GeoVision GV-VMS version 20.0.2 running on Windows systems is affected. The vulnerability is addressed in GeoVision GV-VMS version 20.1.0. All deployments of the GV-Cloud feature using v20.0.2 should be updated.
Risk and Exploitability
The CVSS score of 6.2 indicates a moderate severity. The EPSS score is not available, and the issue is not listed in CISA's KEV catalog, suggesting it has not been widely exploited yet. However, the remote nature of the attack vector makes the vulnerability accessible to adversaries who can reach the GV-Cloud interface. Attackers could cause a denial of service by sending the crafted request, potentially disrupting operations of the video surveillance system.
OpenCVE Enrichment