CVE-2024-6806

CRITICAL

NI VeriStand < 2024 Q2 - Missing Authorization Leading to Remote Code Execution

Title source: llm
STIX 2.1

Description

The NI VeriStand Gateway is missing authorization checks when an actor attempts to access Project resources. These missing checks may result in remote code execution. This affects NI VeriStand 2024 Q2 and prior versions.

Scores

CVSS v3 9.8
EPSS 0.0102
EPSS Percentile 59.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-862
Status published
Products (2)
ni/veristand 2024 q2
ni/veristand < 2024
Published Jul 22, 2024
Tracked Since Feb 18, 2026