CVE-2024-1156

Vulnerability

CVE-2024-1156 describes incorrect directory permissions for the shared NI RabbitMQ service. This affects SystemLink Server 2023 Q3 and prior versions, as well as other NI products that install the RabbitMQ service. The vulnerability resides in the installation directories for the shared SystemLink Elixir-based services, specifically the RabbitMQ component. A local authenticated user can exploit these misconfigured permissions to read RabbitMQ configuration information [1].

Exploitation

An attacker must have local authenticated access to the affected system. No special privileges beyond a standard user account are required. The attacker can navigate to the RabbitMQ installation directory (e.g., \National Instruments\Shared\Skyline\RabbitMQ\erl-) and read configuration files due to overly permissive access controls. The advisory does not detail a specific exploitation sequence, but the condition is that the directory permissions allow reading by non-privileged users [1].

Impact

Successful exploitation allows the attacker to read RabbitMQ configuration information. This could include credentials, connection strings, or other sensitive data. The advisory states this may enable escalation of privileges, though the exact privilege level gained is not specified. The impact is primarily information disclosure with potential for further privilege escalation [1].

Mitigation

NI strongly recommends upgrading the affected software to a fixed version. As of the advisory date, updates are available for affected products (refer to the Affected Products section on the advisory page). If upgrading is not possible, a workaround is provided: run a batch script (systemlink-restrict-file-access.bat) as Administrator to restrict permissions on the relevant directories, including the RabbitMQ directory. The script must be executed for each applicable directory. The advisory lists the directories that require this fix [1].