CVE-2024-6805

HIGH

NI VeriStand <2024 Q2 - Info Disclosure/Remote Code Execution

Title source: llm
STIX 2.1

Description

The NI VeriStand Gateway is missing authorization checks when an actor attempts to access File Transfer resources. These missing checks may result in information disclosure or remote code execution. This affects NI VeriStand 2024 Q2 and prior versions.

Scores

CVSS v3 7.5
EPSS 0.0095
EPSS Percentile 57.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-862
Status published
Products (2)
ni/veristand 2024 q2
ni/veristand < 2024
Published Jul 22, 2024
Tracked Since Feb 18, 2026