CVE-2024-1156
First published: Tue Feb 20 2024(Updated: )
Incorrect directory permissions for the shared NI RabbitMQ service may allow a local authenticated user to read RabbitMQ configuration information and potentially enable escalation of privileges.
Credit: security@ni.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| RabbitMQ (Pivotal Software) | ||
| Emerson Data Record Ad | <=2.0.1 | |
| Emerson Flexlogger | <=2022_q3 | |
| Emerson G Web Development Software | <=2022_q3 | |
| LabVIEW NXG | =5.1 | |
| LabVIEW NXG | =5.1 | |
| LabVIEW NXG | =5.1 | |
| Emerson Specification Compliance Manager | <=2023_q4 | |
| Emerson STS Software Bundle | <=1.2 | |
| Emerson STS Software Bundle | <=21.0 | |
| Emerson Systemlink Server | <2024_q1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-1156?
CVE-2024-1156 is considered a moderate severity vulnerability due to its potential for privilege escalation.
How do I fix CVE-2024-1156?
To fix CVE-2024-1156, review and correct the directory permissions for the NI RabbitMQ service to restrict unauthorized access.
Who is affected by CVE-2024-1156?
CVE-2024-1156 affects users of NI RabbitMQ and various Emerson software products listed in the vulnerability details.
What could happen if CVE-2024-1156 is exploited?
If exploited, CVE-2024-1156 could allow a local authenticated user to read sensitive RabbitMQ configuration information, potentially leading to privilege escalation.
Is there a patch available for CVE-2024-1156?
Yes, users should refer to the vendor's resources for a specific patch or updates addressing the permissions issue associated with CVE-2024-1156.
- agent/references
- agent/description
- agent/first-publish-date
- agent/type
- agent/author
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/weakness
- agent/last-modified-date
- agent/event
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- vendor/ni
- canonical/rabbitmq (pivotal software)
- vendor/emerson
- canonical/emerson data record ad
- version/emerson data record ad/2.0.1
- canonical/emerson flexlogger
- version/emerson flexlogger/2022_q3
- canonical/emerson g web development software
- version/emerson g web development software/2022_q3
- canonical/labview nxg
- version/labview nxg/5.1
- canonical/emerson specification compliance manager
- version/emerson specification compliance manager/2023_q4
- canonical/emerson sts software bundle
- version/emerson sts software bundle/1.2
- version/emerson sts software bundle/21.0
- canonical/emerson systemlink server