NICVELIST:CVE-2023-4570CVE-2023-4570 Improper Restriction in NI MeasurementLink Python Services
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
21.5%
An improper access restriction in NI MeasurementLink Python services could allow an attacker on an adjacent network to reach services exposed on localhost. These services were previously thought to be unreachable outside of the node. This affects measurement plug-ins written in Python using version 1.1.0 of the ni-measurementlink-serviceΒ Python package and all previous versions.
CNA Affected
[
{
"defaultStatus": "unaffected",
"modules": [
"Python Services"
],
"product": "MeasurementLink ",
"vendor": "NI",
"versions": [
{
"lessThanOrEqual": "1.1.0",
"status": "affected",
"version": "1.0.0",
"versionType": "1.1.1"
}
]
}
]Related
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
21.5%