CVE-2023-4570

Description

### Impact An improper access restriction in NI MeasurementLink Python services could allow an attacker on an adjacent network to reach services exposed on localhost. These services were previously thought to be unreachable outside of the node. This affects measurement plug-ins written in Python using version 1.1.0 of the `ni-measurementlink-service` Python package and all previous versions. ### Patches Upgrade all Python measurement plug-ins to use `ni-measurementlink-service` version 1.1.1 or later. ### References Visit [ni.com/info](http://www.ni.com/info) and enter the info code `cve-2023-4570` for more information.

How to fix CVE-2023-4570

To remediate CVE-2023-4570, upgrade the affected package to a fixed version below.

• —upgrade to 1.1.1 or later

Is CVE-2023-4570 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 1.1.1

CVSS scores

References (6)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2023-4570
• PATCHgithub.com/ni/measurementlink-python
• WEBgithub.com/ni/measurementlink-python/commit/3e9d45147befc9a151fca5582c64fa77c7ba1980
• WEBgithub.com/ni/measurementlink-python/commit/d2c73b1e0252081e1b89767aa916d73772d04dd9