CVE-2024-6805: Missing Authorization Checks in NI VeriStand Gateway for File Transfer Resources
First published: Mon Jul 22 2024(Updated: )
The NI VeriStand Gateway is missing authorization checks when an actor attempts to access File Transfer resources. These missing checks may result in information disclosure or remote code execution. This affects NI VeriStand 2024 Q2 and prior versions.
Credit: security@ni.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| NI VeriStand | <=2024 | |
| NI VeriStand | =2024-q2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-6805?
CVE-2024-6805 has high severity due to the potential for information disclosure and remote code execution.
How do I fix CVE-2024-6805?
To fix CVE-2024-6805, update to the latest version of NI VeriStand beyond 2024 Q2.
What versions are affected by CVE-2024-6805?
CVE-2024-6805 affects NI VeriStand 2024 Q2 and all prior versions.
What are the potential risks of CVE-2024-6805?
The risks of CVE-2024-6805 include unauthorized access to File Transfer resources, leading to information disclosure or remote code execution.
Who is vulnerable to CVE-2024-6805?
Organizations using NI VeriStand versions 2024 Q2 and prior are vulnerable to CVE-2024-6805.
- agent/weakness
- agent/references
- agent/title
- agent/first-publish-date
- agent/type
- agent/description
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/event
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/last-modified-date
- agent/severity
- agent/softwarecombine
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/ni
- canonical/ni veristand
- version/ni veristand/2024
- version/ni veristand/2024-q2