High severityNVD Advisory· Published Oct 5, 2023· Updated Sep 19, 2024
Improper Restriction in NI MeasurementLink Python Services
CVE-2023-4570
Description
An improper access restriction in NI MeasurementLink Python services could allow an attacker on an adjacent network to reach services exposed on localhost. These services were previously thought to be unreachable outside of the node. This affects measurement plug-ins written in Python using version 1.1.0 of the ni-measurementlink-service Python package and all previous versions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
ni-measurementlink-servicePyPI | < 1.1.1 | 1.1.1 |
ni-measurementlink-servicePyPI | >= 1.2.0.dev0, < 1.2.0 | 1.2.0 |
Affected products
2- NI/MeasurementLinkv5Range: 1.0.0
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-3f48-9j7q-q2gvghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-4570ghsaADVISORY
- github.com/ni/measurementlink-python/commit/3e9d45147befc9a151fca5582c64fa77c7ba1980ghsaWEB
- github.com/ni/measurementlink-python/commit/d2c73b1e0252081e1b89767aa916d73772d04dd9ghsaWEB
- github.com/ni/measurementlink-python/security/advisories/GHSA-3f48-9j7q-q2gvghsaWEB
- www.ni.com/en/support/documentation/supplemental/23/improper-restriction-in-ni-measurementlink-python-services.htmlghsaWEB
News mentions
0No linked articles in our index yet.