CVE-2024-6122
📋 TL;DR
This vulnerability allows local users to access sensitive information stored in the NI SystemLink Server KeyValueDatabase service due to incorrect directory permissions. It affects NI SystemLink Server 2024 Q1 and earlier, and NI FlexLogger 2023 Q2 and earlier that installed this shared service. Attackers with local access can read database files containing potentially sensitive configuration or application data.
💻 Affected Systems
- NI SystemLink Server
- NI FlexLogger
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Local attackers could extract sensitive configuration data, credentials, or application secrets from the Redis database files, potentially enabling further system compromise or data theft.
Likely Case
Local users or malware with local execution could read sensitive application data, configuration files, or potentially discover credentials stored in the database.
If Mitigated
With proper access controls and network segmentation, impact is limited to authorized local users who might access non-critical configuration data.
🎯 Exploit Status
Exploitation requires local access to the system and knowledge of the vulnerable directory location. No authentication bypass is needed beyond local system access.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: NI SystemLink Server 2024 Q2 or later; NI FlexLogger 2023 Q3 or later
Restart Required: Yes
Instructions:
1. Download and install the latest version of NI SystemLink Server (2024 Q2+) or NI FlexLogger (2023 Q3+). 2. Restart the affected service or system. 3. Verify directory permissions have been corrected.
🔧 Temporary Workarounds
Manual Permission Correction
allManually set correct permissions on the Redis database directory to restrict access to authorized users only.
Windows: icacls "C:\ProgramData\National Instruments\SystemLink\redis" /inheritance:r /grant:r "SYSTEM:(OI)(CI)F" "Administrators:(OI)(CI)F"
Linux: chmod 700 /var/opt/ni/systemlink/redis && chown -R redis:redis /var/opt/ni/systemlink/redis
🧯 If You Can't Patch
- Restrict local user access to systems running vulnerable versions through strict access controls and user privilege management.
- Implement network segmentation to isolate systems with vulnerable software from general user networks.
🔍 How to Verify
Check if Vulnerable:
Check if NI SystemLink Server version is 2024 Q1 or earlier, or NI FlexLogger version is 2023 Q2 or earlier, and verify directory permissions on the Redis data directory allow unauthorized read access.Check Version:
Windows: Check NI SystemLink Server or NI FlexLogger version in Control Panel > Programs and Features. Linux: Check version in package manager or application about dialog.Verify Fix Applied:
Verify installed version is NI SystemLink Server 2024 Q2+ or NI FlexLogger 2023 Q3+, and confirm directory permissions restrict access to authorized users only.📡 Detection & Monitoring
Log Indicators:
- Unauthorized access attempts to Redis database files in system or application logs
- File access audit logs showing non-privileged users accessing Redis data directory
Network Indicators:
- Local network connections to Redis service from unauthorized users
SIEM Query:
EventID=4663 AND ObjectName LIKE '%SystemLink%redis%' AND Accesses='ReadData' AND SubjectUserName NOT IN ('SYSTEM', 'Administrators')🔗 References
- https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-default-directory-permissions-for-ni-systemlink-redis-service.html
- https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-default-directory-permissions-for-ni-systemlink-redis-service.html
