CVE-2023-4570

Summary

An improper access restriction in NI MeasurementLink Python services could allow an attacker on an adjacent network to reach services exposed on localhost. These services were previously thought to be unreachable outside of the node. This affects measurement plug-ins written in Python using version 1.1.0 of the ni-measurementlink-service Python package and all previous versions.

Affected Software

VendorProductVersion RangeStatus
NIMeasurementLink1.0.0 <= 1.1.0affected

Weaknesses

  • CWE-420: CWE-420 Unprotected Alternate Channel

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References