CVE-2024-4044 HIGH

CVE-2024-4044: Deserialization of Untrusted Data Vulnerability in FlexLogger and InstrumentStudio

Vendor Ni
Product FlexLogger
Weakness CWE-502 · Unsafe deserialization
Published May 10, 2024
Last update August 1, 2024
View on NVD All CVEs

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A deserialization of untrusted data vulnerability exists in common code used by FlexLogger and InstrumentStudio that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects NI FlexLogger 2024 Q1 and prior versions as well as NI InstrumentStudio 2024 Q1 and prior versions.

Key dates

02Disclosure timeline

May 10, 2024 CVE published
August 1, 2024 Record updated