CVE-2023-4570 — HIGH (8.8) — White Hats Nepal

Q: How severe is CVE-2023-4570?

CVE-2023-4570 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-4570?

Check the references section above for vendor advisories and patch information. Affected products include: Ni Measurementlink.

Vulnerability Description

An improper access restriction in NI MeasurementLink Python services could allow an attacker on an adjacent network to reach services exposed on localhost. These services were previously thought to be unreachable outside of the node. This affects measurement plug-ins written in Python using version 1.1.0 of the ni-measurementlink-service Python package and all previous versions.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Ni	Measurementlink	>= 1.0.0, < 1.1.1

Related Weaknesses (CWE)

CWE-420

References

https://www.ni.com/en/support/documentation/supplemental/23/improper-restrictionVendor Advisory
https://www.ni.com/en/support/documentation/supplemental/23/improper-restrictionVendor Advisory

FAQ

What is CVE-2023-4570?

CVE-2023-4570 is a vulnerability with a CVSS score of 8.8 (HIGH). An improper access restriction in NI MeasurementLink Python services could allow an attacker on an adjacent network to reach services exposed on localhost. These services were previously thought to b...

How severe is CVE-2023-4570?

CVE-2023-4570 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-4570?

Check the references section above for vendor advisories and patch information. Affected products include: Ni Measurementlink.