cve-2024-23611
Vulnerability from cvelistv5
Published
2024-03-11 15:14
Modified
2024-08-28 19:57
Severity
Summary
Out of Bounds Write Due to Missing Bounds Check in LabVIEW
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T23:06:25.313Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-write-due-to-missing-bounds-check-in-labview.html" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "labview", "vendor": "ni", "versions": [ { "lessThanOrEqual": "2024 Q1", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-23611", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-28T19:56:16.752194Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-28T19:57:08.855Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Windows", "Linux" ], "product": "LabVIEW", "vendor": "NI", "versions": [ { "lessThanOrEqual": "2024 Q1", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eAn out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions.\u003c/p\u003e" } ], "value": "An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions.\n\n" } ], "impacts": [ { "capecId": "CAPEC-23", "descriptions": [ { "lang": "en", "value": "CAPEC-23 File Content Injection" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-11T15:14:22.944Z", "orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4", "shortName": "NI" }, "references": [ { "url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-write-due-to-missing-bounds-check-in-labview.html" } ], "source": { "discovery": "UNKNOWN" }, "title": "Out of Bounds Write Due to Missing Bounds Check in LabVIEW", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4", "assignerShortName": "NI", "cveId": "CVE-2024-23611", "datePublished": "2024-03-11T15:14:22.944Z", "dateReserved": "2024-01-18T20:48:24.220Z", "dateUpdated": "2024-08-28T19:57:08.855Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2024-23611\",\"sourceIdentifier\":\"security@ni.com\",\"published\":\"2024-03-11T16:15:08.557\",\"lastModified\":\"2024-03-12T12:40:13.500\",\"vulnStatus\":\"Awaiting Analysis\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions.\\n\\n\"},{\"lang\":\"es\",\"value\":\"Una escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes en LabVIEW puede resultar en la ejecuci\u00f3n remota de c\u00f3digo. La explotaci\u00f3n exitosa requiere que un atacante proporcione al usuario un VI especialmente manipulado. Esta vulnerabilidad afecta a LabVIEW 2024 Q1 y versiones anteriores.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@ni.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security@ni.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"references\":[{\"url\":\"https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-write-due-to-missing-bounds-check-in-labview.html\",\"source\":\"security@ni.com\"}]}}" } }
Loading...