9.8

CVE-2024-6806

The NI VeriStand Gateway is missing authorization checks when an actor attempts to access Project resources.  These missing checks may result in remote code execution.  This affects NI VeriStand 2024 Q2 and prior versions.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NiVeristand Version <= 2024
NiVeristand Version2024 Updateq2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 7.44% 0.914
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
security@ni.com 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.