CVE-2024-6794
Deserialization of Untrusted Data in NI VeriStand Waveform Streaming Server
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A deserialization of untrusted data vulnerability exists in NI VeriStand Waveform Streaming Server that may result in remote code execution. Successful exploitation requires an attacker to send a specially crafted message. These vulnerabilities affect NI VeriStand 2024 Q2 and prior versions.
Existe una vulnerabilidad de deserialización de datos no confiables en NI VeriStand Waveform Streaming Server que puede resultar en la ejecución remota de código. La explotación exitosa requiere que un atacante envíe un mensaje especialmente manipulado. Estas vulnerabilidades afectan a NI VeriStand 2024 Q2 y versiones anteriores.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI VeriStand. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the processing of service requests in the WaveformStreamingServer component. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current user.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2024-07-16 CVE Reserved
- 2024-07-22 CVE Published
- 2024-08-01 CVE Updated
- 2024-09-18 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-502: Deserialization of Untrusted Data
CAPEC
- CAPEC-586: Object Injection
References (1)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|