CVE-2024-4044

A deserialization of untrusted data vulnerability exists in common code used by FlexLogger and InstrumentStudio that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects NI FlexLogger 2024 Q1 and prior versions as well as NI InstrumentStudio 2024 Q1 and prior versions.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://ni.com/r/CVE-2024-4044
https://ni.com/r/CVE-2024-4044

Configurations

No configuration.

History

21 Nov 2024, 09:42

Type	Values Removed	Values Added
References	~~() https://ni.com/r/CVE-2024-4044 -~~	() https://ni.com/r/CVE-2024-4044 -
Summary		(es) Existe una vulnerabilidad de deserialización de datos no confiables en el código común utilizado por FlexLogger e InstrumentStudio que puede resultar en la ejecución remota de código. La explotación exitosa requiere que un atacante consiga que un usuario abra un archivo de proyecto especialmente manipulado. Esta vulnerabilidad afecta a NI FlexLogger 2024 Q1 y versiones anteriores, así como a NI InstrumentStudio 2024 Q1 y versiones anteriores.

14 May 2024, 15:42

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-14 15:42

Updated : 2024-11-21 09:42

NVD link : CVE-2024-4044

Mitre link : CVE-2024-4044

CVE.ORG link : CVE-2024-4044

JSON object : View

Products Affected

No product.

CWE

CWE-502

Deserialization of Untrusted Data

7.8 /10