CVE-2024-6806

moderate-risk
Published 2024-07-22

The NI VeriStand Gateway is missing authorization checks when an actor attempts to access Project resources. These missing checks may result in remote code execution. This affects NI VeriStand 2024 Q2 and prior versions.

Do I need to act?

~
5.3% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (2)

Veristand
Veristand

Affected Vendors

Ni

References (2)

Vendor Advisory https://www.ni.com/en/support/security/available-critical-and-security-updates-f...
Vendor Advisory https://www.ni.com/en/support/security/available-critical-and-security-updates-f...
47
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 8/34 · Low
Exposure 7/34 · Low