FKIE_CVE-2026-4606

Vulnerability from fkie_nvd - Published: 2026-03-23 02:16 - Updated: 2026-03-23 14:31
Summary
GV Edge Recording Manager (ERM) v2.3.1 improperly runs application components with SYSTEM-level privileges, allowing any local user to gain full control of the operating system. During installation, ERM creates a Windows service that runs under the LocalSystem account. When the ERM application is launched, related processes are spawned under SYSTEM privileges rather than the security context of the logged-in user. Functions such as 'Import Data' open a Windows file dialog operating with SYSTEM permissions, enabling modification or deletion of protected system files and directories. Any ERM function invoking Windows file open/save dialogs exposes the same risk. This vulnerability allows local privilege escalation and may result in full system compromise.

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "GV Edge Recording Manager (ERM) v2.3.1 improperly runs application components with SYSTEM-level privileges, allowing any local user to gain full control of the operating system.\u00a0\n\nDuring installation, ERM creates a Windows service that runs under the LocalSystem account.\u00a0\n\nWhen the ERM application is launched, related processes are spawned under SYSTEM privileges rather than the security context of the logged-in user.\u00a0\n\nFunctions such as \u0027Import Data\u0027 open a Windows file dialog operating with SYSTEM permissions, enabling modification or deletion of protected system files and directories.\u00a0\n\nAny ERM function invoking Windows file open/save dialogs exposes the same risk.\u00a0\n\nThis vulnerability allows local privilege escalation and may result in full system compromise."
    },
    {
      "lang": "es",
      "value": "GV Edge Recording Manager (ERM) v2.3.1 ejecuta incorrectamente los componentes de la aplicaci\u00f3n con privilegios de nivel SYSTEM, permitiendo a cualquier usuario local obtener control total del sistema operativo.\n\nDurante la instalaci\u00f3n, ERM crea un servicio de Windows que se ejecuta bajo la cuenta LocalSystem.\n\nCuando se inicia la aplicaci\u00f3n ERM, se generan procesos relacionados bajo privilegios SYSTEM en lugar del contexto de seguridad del usuario que ha iniciado sesi\u00f3n.\n\nFunciones como \u0027Importar Datos\u0027 abren un cuadro de di\u00e1logo de archivos de Windows que opera con permisos SYSTEM, lo que permite la modificaci\u00f3n o eliminaci\u00f3n de archivos y directorios del sistema protegidos.\n\nCualquier funci\u00f3n de ERM que invoque cuadros de di\u00e1logo de abrir/guardar archivos de Windows expone el mismo riesgo.\n\nEsta vulnerabilidad permite la escalada de privilegios local y puede resultar en un compromiso total del sistema."
    }
  ],
  "id": "CVE-2026-4606",
  "lastModified": "2026-03-23T14:31:37.267",
  "metrics": {
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NO",
          "Recovery": "IRRECOVERABLE",
          "Safety": "NEGLIGIBLE",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 10.0,
          "baseSeverity": "CRITICAL",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "GREEN",
          "subAvailabilityImpact": "HIGH",
          "subConfidentialityImpact": "HIGH",
          "subIntegrityImpact": "HIGH",
          "userInteraction": "NONE",
          "valueDensity": "CONCENTRATED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:I/V:C/RE:M/U:Green",
          "version": "4.0",
          "vulnAvailabilityImpact": "HIGH",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "HIGH",
          "vulnerabilityResponseEffort": "MODERATE"
        },
        "source": "0df08a0e-a200-4957-9bb0-084f562506f9",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-03-23T02:16:05.213",
  "references": [
    {
      "source": "0df08a0e-a200-4957-9bb0-084f562506f9",
      "url": "https://https://www.geovision.com.tw/cyber_security.php"
    }
  ],
  "sourceIdentifier": "0df08a0e-a200-4957-9bb0-084f562506f9",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-250"
        }
      ],
      "source": "0df08a0e-a200-4957-9bb0-084f562506f9",
      "type": "Secondary"
    }
  ]
}


Sightings


Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

