PT-2024-37398 · National Instruments · Ni Systemlink Server+1
06Fe5Fd2Bc53027C4A3B7E395Af0B850E7B8A044
·
Published
2024-07-22
·
Updated
2024-09-10
·
CVE-2024-6122
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
NI SystemLink Server versions prior to 2024 Q1
NI FlexLogger versions prior to 2023 Q2
Description:
An issue with incorrect permissions in the installation directory for the shared NI SystemLink Server KeyValueDatabase service may lead to information disclosure via local access.
Recommendations:
For NI SystemLink Server versions prior to 2024 Q1, update to a version 2024 Q1 or later.
For NI FlexLogger versions prior to 2023 Q2, update to a version 2023 Q2 or later.
As a temporary workaround, consider restricting access to the KeyValueDatabase service to minimize the risk of exploitation.
Fix
Incorrect Default Permissions
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ni Flexlogger
Ni Systemlink Server