Veracode Vulnerability DatabaseVERACODE:43712Improper Access Control
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
21.5%
ni_measurementlink_service is vulnerable to Improper Access Control. The vulnerability is due to start function in service_manager.py which allows binding the server to all network interfaces. This allow an attacker on an adjacent network to reach services exposed on localhost.
References
github.com/ni/measurementlink-python/commit/58979c731c23d44d97f73bcad7abad0222c3a2cf
github.com/ni/measurementlink-python/commit/d2c73b1e0252081e1b89767aa916d73772d04dd9
github.com/ni/measurementlink-python/security/advisories/GHSA-3f48-9j7q-q2gv
www.ni.com/en/support/documentation/supplemental/23/improper-restriction-in-ni-measurementlink-python-services.html
Related
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
21.5%