CVE-2024-6793
Published 2024-07-22
Priority P2 · 65 · critical · 9.8 CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 1.19% (64.1th percentile)
A deserialization of untrusted data vulnerability exists in NI VeriStand DataLogging Server that may result in remote code execution. Successful exploitation requires an attacker to send a specially crafted message. These vulnerabilities affect NI VeriStand 2024 Q2 and prior versions.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| git | git | >= 0 < 1:2.25.1-1ubuntu3.13 | 1:2.25.1-1ubuntu3.13 |
| ni | veristand | <= 2024 | — |
| ni | veristand | — | — |
CVSS provenance
nvd · v3.1 · 9.8 · CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv · 9.0 · CRITICAL
GHSA
GHSA-3pc3-vcqg-prf6: A deserialization of untrusted data vulnerability exists in NI VeriStand DataLogging Server that may result in remote code execution
ghsa_unreviewed·2024-07-22
CVE-2024-6793 [CRITICAL] CWE-502 GHSA-3pc3-vcqg-prf6: A deserialization of untrusted data vulnerability exists in NI VeriStand DataLogging Server that may result in remote code execution
OSV
git vulnerability
osv·2024-06-18·CVSS 9.0
CVE-2024-32002 git vulnerability
USN-6793-1 fixed vulnerabilities in Git. The CVE-2024-32002 was pending further
investigation. This update fixes the problem.
Original advisory details:
It was discovered that Git incorrectly handled certain submodules.
An attacker could possibly use this issue to execute arbitrary code.
This issue was fixed in Ubuntu 22.04 LTS, Ubuntu 23.10 and Ubuntu 24.04 LTS.
(CVE-2024-32002)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/deserialization-of-untrusted-data-vulnerabilities-in-ni-veristand.html
2024-07-22
Published