CVE-2023-4570 HIGH

CVE-2023-4570: Improper Restriction in NI MeasurementLink Python Services

Vendor Ni

Product MeasurementLink

Weakness CWE-420

Published October 5, 2023

Last update September 19, 2024

View on NVD All CVEs

CVSS base score

8.8/10

Attack vector Adjacent

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

Description

An improper access restriction in NI MeasurementLink Python services could allow an attacker on an adjacent network to reach services exposed on localhost. These services were previously thought to be unreachable outside of the node. This affects measurement plug-ins written in Python using version 1.1.0 of the ni-measurementlink-service Python package and all previous versions.

Key dates

Disclosure timeline

October 5, 2023 CVE published

September 19, 2024 Record updated