CVE-2024-6806: Missing Authorization Checks In NI VeriStand Gateway For Project Resources
First published: Mon Jul 22 2024(Updated: )
The NI VeriStand Gateway is missing authorization checks when an actor attempts to access Project resources. These missing checks may result in remote code execution. This affects NI VeriStand 2024 Q2 and prior versions.
Credit: security@ni.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| NI VeriStand | <=2024 | |
| NI VeriStand | =2024-q2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-6806?
CVE-2024-6806 is a critical vulnerability due to missing authorization checks that could allow for remote code execution.
How do I fix CVE-2024-6806?
To fix CVE-2024-6806, users should update to the latest version of NI VeriStand that addresses this vulnerability.
Which versions of NI VeriStand are affected by CVE-2024-6806?
CVE-2024-6806 affects NI VeriStand 2024 Q2 and all prior versions.
What type of vulnerability is CVE-2024-6806?
CVE-2024-6806 is characterized as a remote code execution vulnerability due to insufficient authorization checks.
Can CVE-2024-6806 be exploited remotely?
Yes, CVE-2024-6806 can be exploited remotely if the actor has access to the vulnerable NI VeriStand Gateway.
- agent/weakness
- agent/references
- agent/title
- agent/first-publish-date
- agent/type
- agent/description
- agent/severity
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/event
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- agent/source
- vendor/ni
- canonical/ni veristand
- version/ni veristand/2024
- version/ni veristand/2024-q2