8.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-4570

GHSA ID

GHSA-3f48-9j7q-q2gv

EPSS Score

0.3055%

CWE

CWE-420

Published

10/5/2023

Updated

11/9/2023

KEV Status

Technology

Python

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-4570

CVE-2023-4570: NI MeasurementLink Python Services Improper Access Restriction vulnerability

Impact

An improper access restriction in NI MeasurementLink Python services could allow an attacker on an adjacent network to reach services exposed on localhost. These services were previously thought to be unreachable outside of the node. This affects measurement plug-ins written in Python using version 1.1.0 of the ni-measurementlink-service Python package and all previous versions.

Patches

Upgrade all Python measurement plug-ins to use ni-measurementlink-service version 1.1.1 or later.

References

Visit ni.com/info and enter the info code cve-2023-4570 for more information.

(GitHub Advisory)

8.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-4570

GHSA ID

GHSA-3f48-9j7q-q2gv

EPSS Score

0.3055%

CWE

CWE-420

Published

10/5/2023

Updated

11/9/2023

KEV Status

Technology

Python

Technical Details

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
ni-measurementlink-service	pip	< 1.1.1	1.1.1
ni-measurementlink-service	pip	>= 1.2.0.dev0, < 1.2.0	1.2.0

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The critical vulnerability stemmed from binding the service to all network interfaces (IPv6 '::' wildcard) instead of loopback. The commit diff shows the fix explicitly sets host='[::1]' (IPv6 loopback) in service_manager.py's start method. This matches CWE-420 (Unprotected Alternate Channel) as it improperly exposed a communication channel thought to be restricted.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Imp**t *n improp*r ****ss r*stri*tion in NI M**sur*m*ntLink Pyt*on s*rvi**s *oul* *llow *n *tt**k*r on *n **j***nt n*twork to r**** s*rvi**s *xpos** on lo**l*ost. T**s* s*rvi**s w*r* pr*viously t*ou**t to ** unr******l* outsi** o* t** no**. T*i

Reasoning

T** *riti**l vuln*r**ility st*mm** *rom *in*in* t** s*rvi** to *ll n*twork int*r****s (IPv* '::' wil***r*) inst*** o* loop***k. T** *ommit *i** s*ows t** *ix *xpli*itly s*ts *ost='[::*]' (IPv* loop***k) in s*rvi**_m*n***r.py's st*rt m*t*o*. T*is m*t*

8.8

Basic Information

Concerned about an active attack path?

CVE-2023-4570: NI MeasurementLink Python Services Improper Access Restriction vulnerability

Impact

Patches

References

8.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI