Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for MeasurementLink by NI

    CVE-2023-4570 (GCVE-0-2023-4570)

    Vulnerability from nvd – Published: 2023-10-05 15:26 – Updated: 2024-09-19 18:53
    VLAI
    Title
    Improper Restriction in NI MeasurementLink Python Services
    Summary
    An improper access restriction in NI MeasurementLink Python services could allow an attacker on an adjacent network to reach services exposed on localhost. These services were previously thought to be unreachable outside of the node. This affects measurement plug-ins written in Python using version 1.1.0 of the ni-measurementlink-service Python package and all previous versions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-420 - Unprotected Alternate Channel
    Assigner
    NI
    Impacted products
    Vendor Product Version
    NI MeasurementLink Affected: 1.0.0 , ≤ 1.1.0 (1.1.1)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:31:06.617Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.ni.com/en/support/documentation/supplemental/23/improper-restriction-in-ni-measurementlink-python-services.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4570",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-19T18:53:21.646541Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-19T18:53:34.207Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Python Services"
              ],
              "product": "MeasurementLink ",
              "vendor": "NI",
              "versions": [
                {
                  "lessThanOrEqual": "1.1.0",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "1.1.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn improper access restriction in NI MeasurementLink Python services could allow an attacker on an adjacent network to reach services exposed on localhost.  These services were previously thought to be unreachable outside of the node.  This affects measurement plug-ins written in Python using version 1.1.0 of the \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eni-measurementlink-service\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;Python package and all previous versions.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "An improper access restriction in NI MeasurementLink Python services could allow an attacker on an adjacent network to reach services exposed on localhost.  These services were previously thought to be unreachable outside of the node.  This affects measurement plug-ins written in Python using version 1.1.0 of the ni-measurementlink-service\u00a0Python package and all previous versions.\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-1",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-420",
                  "description": "CWE-420 Unprotected Alternate Channel",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-05T15:26:45.467Z",
            "orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
            "shortName": "NI"
          },
          "references": [
            {
              "url": "https://www.ni.com/en/support/documentation/supplemental/23/improper-restriction-in-ni-measurementlink-python-services.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper Restriction in NI MeasurementLink Python Services",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
        "assignerShortName": "NI",
        "cveId": "CVE-2023-4570",
        "datePublished": "2023-10-05T15:26:45.467Z",
        "dateReserved": "2023-08-28T19:32:41.324Z",
        "dateUpdated": "2024-09-19T18:53:34.207Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-4570 (GCVE-0-2023-4570)

    Vulnerability from cvelistv5 – Published: 2023-10-05 15:26 – Updated: 2024-09-19 18:53
    VLAI
    Title
    Improper Restriction in NI MeasurementLink Python Services
    Summary
    An improper access restriction in NI MeasurementLink Python services could allow an attacker on an adjacent network to reach services exposed on localhost. These services were previously thought to be unreachable outside of the node. This affects measurement plug-ins written in Python using version 1.1.0 of the ni-measurementlink-service Python package and all previous versions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-420 - Unprotected Alternate Channel
    Assigner
    NI
    Impacted products
    Vendor Product Version
    NI MeasurementLink Affected: 1.0.0 , ≤ 1.1.0 (1.1.1)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:31:06.617Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.ni.com/en/support/documentation/supplemental/23/improper-restriction-in-ni-measurementlink-python-services.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4570",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-19T18:53:21.646541Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-19T18:53:34.207Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Python Services"
              ],
              "product": "MeasurementLink ",
              "vendor": "NI",
              "versions": [
                {
                  "lessThanOrEqual": "1.1.0",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "1.1.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn improper access restriction in NI MeasurementLink Python services could allow an attacker on an adjacent network to reach services exposed on localhost.  These services were previously thought to be unreachable outside of the node.  This affects measurement plug-ins written in Python using version 1.1.0 of the \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eni-measurementlink-service\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;Python package and all previous versions.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "An improper access restriction in NI MeasurementLink Python services could allow an attacker on an adjacent network to reach services exposed on localhost.  These services were previously thought to be unreachable outside of the node.  This affects measurement plug-ins written in Python using version 1.1.0 of the ni-measurementlink-service\u00a0Python package and all previous versions.\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-1",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-420",
                  "description": "CWE-420 Unprotected Alternate Channel",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-05T15:26:45.467Z",
            "orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
            "shortName": "NI"
          },
          "references": [
            {
              "url": "https://www.ni.com/en/support/documentation/supplemental/23/improper-restriction-in-ni-measurementlink-python-services.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper Restriction in NI MeasurementLink Python Services",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
        "assignerShortName": "NI",
        "cveId": "CVE-2023-4570",
        "datePublished": "2023-10-05T15:26:45.467Z",
        "dateReserved": "2023-08-28T19:32:41.324Z",
        "dateUpdated": "2024-09-19T18:53:34.207Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }