CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
21.5%
An improper access restriction in NI MeasurementLink Python services could allow an attacker on an adjacent network to reach services exposed on localhost. These services were previously thought to be unreachable outside of the node. This affects measurement plug-ins written in Python using version 1.1.0 of the ni-measurementlink-service
Python package and all previous versions.
Upgrade all Python measurement plug-ins to use ni-measurementlink-service
version 1.1.1 or later.
Visit ni.com/info and enter the info code cve-2023-4570
for more information.
github.com/ni/measurementlink-python
github.com/ni/measurementlink-python/commit/3e9d45147befc9a151fca5582c64fa77c7ba1980
github.com/ni/measurementlink-python/commit/d2c73b1e0252081e1b89767aa916d73772d04dd9
github.com/ni/measurementlink-python/security/advisories/GHSA-3f48-9j7q-q2gv
nvd.nist.gov/vuln/detail/CVE-2023-4570
www.ni.com/en/support/documentation/supplemental/23/improper-restriction-in-ni-measurementlink-python-services.html