CVE-2023-4570
Improper Restriction in NI MeasurementLink Python Services
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An improper access restriction in NI MeasurementLink Python services could allow an attacker on an adjacent network to reach services exposed on localhost. These services were previously thought to be unreachable outside of the node. This affects measurement plug-ins written in Python using version 1.1.0 of the ni-measurementlink-service Python package and all previous versions.
Una restricción de acceso inadecuada en los servicios de NI MeasurementLink Python podría permitir que un atacante en una red adyacente acceda a servicios expuestos en localhost. Anteriormente se pensaba que estos servicios eran inalcanzables fuera del nodo. Esto afecta a los complementos de medición escritos en Python que utilizan la versión 1.1.0 del paquete Python ni-measurementlink-service y todas las versiones anteriores.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2023-08-28 CVE Reserved
- 2023-10-05 CVE Published
- 2024-09-19 CVE Updated
- 2024-11-06 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-420: Unprotected Alternate Channel
CAPEC
- CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ni Search vendor "Ni" | Measurementlink Search vendor "Ni" for product "Measurementlink" | >= 1.0.0 < 1.1.1 Search vendor "Ni" for product "Measurementlink" and version " >= 1.0.0 < 1.1.1" | - |
Affected
| ||||||