Lucene search

[email protected]NVD:CVE-2023-4570

HistoryOct 05, 2023 - 4:15 p.m.

CVE-2023-4570

2023-10-0516:15:12

CWE-420

[email protected]

web.nvd.nist.gov

access restriction flaw

ni measurementlink

python services

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

21.5%

JSON

An improper access restriction in NI MeasurementLink Python services could allow an attacker on an adjacent network to reach services exposed on localhost. These services were previously thought to be unreachable outside of the node. This affects measurement plug-ins written in Python using version 1.1.0 of the ni-measurementlink-service Python package and all previous versions.

Affected configurations

Nvd

Node

nimeasurementlinkRange1.0.0–1.1.1

VendorProductVersionCPE
nimeasurementlink*cpe:2.3:a:ni:measurementlink:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ni	measurementlink	*	cpe:2.3:a:ni:measurementlink::::::::

References

www.ni.com/en/support/documentation/supplemental/23/improper-restriction-in-ni-measurementlink-python-services.html

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

21.5%

JSON

Related for NVD:CVE-2023-4570

prion1 cve1 veracode1 osv1 vulnrichment1 github1 cvelist1