CVE-2024-6805 — Missing Authorization in Veristand

CWE-862 — Missing Authorization2 documents2 sources
Severity
9.8CRITICALNVD
EPSS
1.2%
top 21.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
NI Veristand
Timeline
PublishedJul 22

Description

The NI VeriStand Gateway is missing authorization checks when an actor attempts to access File Transfer resources. These missing checks may result in information disclosure or remote code execution. This affects NI VeriStand 2024 Q2 and prior versions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

â–¶NVDni/veristand2024+1

🔴Vulnerability Details

1
GHSA
GHSA-mg8p-r739-mwgq: The NI VeriStand Gateway is missing authorization checks when an actor attempts to access File Transfer resources↗2024-07-22
â–¶
CVE-2024-6805 — Missing Authorization in NI Veristand | cvebase