CVE-2024-6122
Incorrect Default Directory Permissions for NI SystemLink Redis Service
Public Exploits: 0
Exploited in Wild: -
Descriptions
An incorrect permission in the installation directory for the shared NI SystemLink Server KeyValueDatabase service may result in information disclosure via local access. This affects NI SystemLink Server 2024 Q1 and prior versions. It also affects NI FlexLogger 2023 Q2 and prior versions which installed this shared service.
This vulnerability allows local attackers to disclose sensitive information on affected installations of NI FlexLogger. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the configuration of Redis. The issue results from the incorrect assignment of permissions to access Redis credentials. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise.
SSVC
- Decision: Track*
Timeline
- 2024-06-18 CVE Reserved
- 2024-07-22 CVE Published
- 2024-08-01 CVE Updated
- 2024-09-11 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-276: Incorrect Default Permissions
CAPEC
- CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
NI | SystemLink Server | <= 24.1 | en | Affected |
NI | FlexLogger | <= 23.2 | en | Affected |