CVE-2023-4570 – ni-measurementlink-service
Package
Manager: pip
Name: ni-measurementlink-service
Vulnerable Version: >=0 <1.1.1 || >=1.2.0.dev0 <1.2.0
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00113 (percentile 0.30495)
Details
NI MeasurementLink Python Services Improper Access Restriction vulnerability

### Impact

An improper access restriction in NI MeasurementLink Python services could allow an attacker on an adjacent network to reach services exposed on localhost. These services were previously thought to be unreachable outside of the node. This affects measurement plug-ins written in Python using version 1.1.0 of the `ni-measurementlink-service` Python package and all previous versions.

### Patches

Upgrade all Python measurement plug-ins to use `ni-measurementlink-service` version 1.1.1 or later.

### References

Visit [ni.com/info](http://www.ni.com/info) and enter the info code `cve-2023-4570` for more information.
Metadata
Created: 2023-10-05T20:56:37Z
Modified: 2023-10-05T20:56:37Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/10/GHSA-3f48-9j7q-q2gv/GHSA-3f48-9j7q-q2gv.json
CWE IDs: ["CWE-420"]
Alternative ID: GHSA-3f48-9j7q-q2gv
Finding: F332
Auto approve: 1