CVE-2024-5602

23 Jul 2024

Título es

CVE-2024-5602

Mar, 23/07/2024 – 14:15

Tipo

CWE-121

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-5602

Descripción en

A stack-based buffer overflow vulnerability due to a missing bounds check in the NI I/O Trace Tool may result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted nitrace file.

The NI I/O Trace tool is installed as part of the NI System Configuration utilities included with many NI software products.  Refer to the NI Security Advisory for identifying the version of NI IO Trace.exe installed. The NI I/O Trace tool was also previously released as NI Spy.

23/07/2024

Vector CVSS:3.1

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Gravedad 3.1 (CVSS 3.1 Base Score)

7.80

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

HIGH

Referencias

https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/stack-based-buffer-overflow-vulnerability-in-ni-io-trace-tool.html

Enviar en el boletín

Off

CVE-2024-5602

CVE-2024-5602

Jose Alexis Correa Valencia