PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-11120 GeoVision CVE debrief

CVE-2024-11120 is an OS command injection vulnerability in multiple GeoVision devices, listed by CISA in the Known Exploited Vulnerabilities (KEV) catalog. Because CISA has marked it as known exploited, defenders should treat it as a high-priority exposure and act on the vendor’s mitigations, or remove the product if no mitigation is available.

Vendor: GeoVision
Product: Multiple Devices
CVSS: Unknown
CISA KEV: Listed
Original CVE published: 2025-05-07
Original CVE updated: 2025-05-07
Advisory published: 2025-05-07
Advisory updated: 2025-05-07

Who should care

Security teams responsible for GeoVision devices, network perimeter and camera/embedded device management, vulnerability and patch management teams, and incident responders tracking exploited vulnerabilities.

Technical summary

The supplied CISA KEV record identifies the issue as an OS command injection vulnerability in GeoVision devices. The corpus does not provide a CVSS score or technical exploit details, but the KEV listing indicates active real-world exploitation is known. CISA’s required action is to apply vendor mitigations, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Defensive priority

Immediate. Because the vulnerability is in the CISA KEV catalog, it should be prioritized ahead of routine patch work and remediated by the KEV due date supplied with the record (2025-05-28).

Recommended defensive actions

  • Check the vendor’s advisory to determine whether any GeoVision devices in your environment are affected, and inventory every exposed instance.
  • Apply the vendor’s mitigations or updates as soon as they are available and validated in your environment.
  • If no effective mitigation exists, remove or isolate the affected product in line with CISA guidance.
  • Restrict administrative and management access to the smallest practical network scope until remediation is complete.
  • Monitor logs and device behavior for unexpected command execution, configuration changes, or other signs of abuse.
  • Track remediation against the CISA KEV due date of 2025-05-28 and escalate any overdue assets.
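The last step above, tracking affected assets against the KEV due date and flagging overdue ones, as an added example that is not part of this debrief or of CISA's tooling. It reads a record in the field layout of the CISA KEV JSON feed (cveID, vendorProject, product, dateAdded, dueDate) and checks it against an asset inventory; the sample record reuses the dates and names from this page, while the vulnerabilityName wording, the host names and the remediation flags are constructed.

```python
import json
from datetime import date

# Constructed sample in the CISA KEV JSON field layout (subset of fields).
# cveID, vendorProject, product, dateAdded and dueDate match this debrief;
# vulnerabilityName is a constructed paraphrase, not the catalog's wording.
KEV_SAMPLE = json.dumps({"vulnerabilities": [{
    "cveID": "CVE-2024-11120",
    "vendorProject": "GeoVision",
    "product": "Multiple Devices",
    "vulnerabilityName": "GeoVision devices OS command injection",
    "dateAdded": "2025-05-07",
    "dueDate": "2025-05-28",
}]})

# Constructed asset inventory: hostname -> vendor and remediation state.
ASSETS = {
    "cam-lobby-01": {"vendor": "GeoVision", "remediated": False},
    "cam-dock-02": {"vendor": "GeoVision", "remediated": True},
    "nvr-core-01": {"vendor": "OtherVendor", "remediated": False},
}


def load_kev_entry(kev_json, cve_id):
    """Return the KEV record for cve_id, or None if the CVE is not listed."""
    for entry in json.loads(kev_json)["vulnerabilities"]:
        if entry["cveID"] == cve_id:
            return entry
    return None


def remediation_status(kev_json, cve_id, assets, today_iso):
    """Classify un-remediated assets of the KEV vendor against the due date.

    today_iso is an ISO date string; returns None if the CVE is not in KEV."""
    entry = load_kev_entry(kev_json, cve_id)
    if entry is None:
        return None
    days_left = (date.fromisoformat(entry["dueDate"])
                 - date.fromisoformat(today_iso)).days
    vendor = entry["vendorProject"].lower()
    open_hosts = sorted(h for h, a in assets.items()
                        if a["vendor"].lower() == vendor and not a["remediated"])
    return {"cve": cve_id, "due_date": entry["dueDate"], "days_left": days_left,
            "open": open_hosts, "overdue": open_hosts if days_left < 0 else [],
            "escalate": days_left < 0 and bool(open_hosts)}


if __name__ == "__main__":
    print(remediation_status(KEV_SAMPLE, "CVE-2024-11120", ASSETS, "2025-05-20"))
```

Matching on vendorProject is deliberately coarse; a production inventory would also match the product and firmware version from the vendor advisory.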

Evidence notes

This debrief is based on the supplied CISA KEV source item for CVE-2024-11120, published and modified on 2025-05-07. The record names the vulnerability as a GeoVision devices OS command injection issue, lists GeoVision as the vendor/project, and states the required action: apply vendor mitigations, follow applicable BOD 22-01 guidance for cloud services, or discontinue use if mitigations are unavailable. The supplied corpus does not include a CVSS score or the contents of the referenced vendor advisory PDF.

Official resources

Public debrief based only on the supplied CISA KEV record and official links. No exploit instructions, reproduction steps, or unsupported technical claims are included.