HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2024-6805

CVSS 7.5v3.1pub. 2024-07-22upd. 2024-11-21

The NI VeriStand Gateway is missing authorization checks when an actor attempts to access File Transfer resources. These missing checks may result in information disclosure or remote code execution. This affects NI VeriStand 2024 Q2 and prior versions.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Ni Veristand

    APP
    Ni
    2024≤ 2024
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2024-6793CRITICAL9.8PL ✓ten sam produkt

RCE przez niebezpieczną deserializację w NI VeriStand DataLogging Server

CVE-2024-6794CRITICAL9.8PL ✓ten sam produkt

RCE przez deserializację danych w NI VeriStand Waveform Streaming Server

CVE-2024-6806CRITICAL9.8PL ✓ten sam produkt

Brak weryfikacji autoryzacji w NI VeriStand Gateway — RCE

CVE-2024-6791HIGH7.8ten sam produkt

A directory path traversal vulnerability exists when loading a vsmodel file in NI VeriStand that may result in...

CVE-2023-5136MEDIUM5.5ten sam produkt

An incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in information disclosure...