GV Edge Recording Manager (ERM) v2.3.1 improperly runs application components with SYSTEM-level privileges, allowing any local user to gain full control of the operating system. During installation, ERM creates a Windows service that runs under the LocalSystem account. When the ERM application is launched, related processes are spawned under SYSTEM privileges rather than the security context of the logged-in user. Functions such as 'Import Data' open a Windows file dialog operating with SYSTEM permissions, enabling modification or deletion of protected system files and directories. Any ERM function invoking Windows file open/save dialogs exposes the same risk. This vulnerability allows local privilege escalation and may result in full system compromise.
During ERM installation, a Windows service is created that runs on the LocalSystem account. When the application is launched, associated processes are executed in the context of SYSTEM privileges rather than the logged-in user. Functions such as 'Import Data' open Windows File Dialog windows that run with SYSTEM privileges, allowing any local user to modify or delete protected system files and directories. Any ERM function that invokes file open or save dialogs exposes the system to the same type of attack (privilege escalation through file dialog in SYSTEM context).
A local user without administrative privileges can gain full control over the operating system, including modifying or deleting protected system files, which can lead to complete system compromise of the attacked machine.
Patches available from the manufacturer (GeoVision) should be applied in accordance with references published at https://www.geovision.com.tw/cyber_security.php. Until the patch is deployed, it is recommended to restrict local access to systems with ERM installed only to trusted, authorized users.
GV Edge Recording Manager (ERM) version 2.3.1 running on Windows systems
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:I/V:C/RE:M/U:Green