CVE-2024-6806Missing Authorization in Veristand

CWE-862Missing Authorization2 documents2 sources
Severity
9.8CRITICALNVD
EPSS
5.3%
top 9.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
NI Veristand
Timeline
PublishedJul 22

Description

The NI VeriStand Gateway is missing authorization checks when an actor attempts to access Project resources. These missing checks may result in remote code execution. This affects NI VeriStand 2024 Q2 and prior versions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

NVDni/veristand2024+1

🔴Vulnerability Details

1
GHSA
GHSA-mmj4-7r77-pw6q: The NI VeriStand Gateway is missing authorization checks when an actor attempts to access Project resources2024-07-22
CVE-2024-6806 — Missing Authorization in NI Veristand | cvebase