CVE-2024-6805 – CVE-2024-6805 is an authorization bypass vulner... (How to Fix)

Q: What is the severity of CVE-2024-6805?

CVE-2024-6805 has a CVSS score of 7.5 (HIGH). CVE-2024-6805 is an authorization bypass vulnerability in NI VeriStand Gateway that allows unauthorized actors to access File Transfer resources. This can lead to information disclosure or remote code execution. It affects NI VeriStand 2024 Q2 and all prior versions.

📋 TL;DR

CVE-2024-6805 is an authorization bypass vulnerability in NI VeriStand Gateway that allows unauthorized actors to access File Transfer resources. This can lead to information disclosure or remote code execution. It affects NI VeriStand 2024 Q2 and all prior versions.

💻 Affected Systems

Products:

NI VeriStand Gateway

Versions: 2024 Q2 and all prior versions

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the File Transfer functionality within VeriStand Gateway component.

📦 What is this software?

Veristand by Ni

View all CVEs affecting Veristand →

Veristand by Ni

View all CVEs affecting Veristand →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data theft, or disruption of industrial control systems.

🟠

Likely Case

Unauthorized file access and information disclosure from the VeriStand system.

🟢

If Mitigated

Limited impact with proper network segmentation and access controls in place.

🌐 Internet-Facing: HIGH - If exposed to internet, attackers can exploit without authentication.

🏢 Internal Only: MEDIUM - Internal attackers or compromised systems could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Missing authorization checks make exploitation straightforward once access to the gateway is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: NI VeriStand 2024 Q3 or later

Vendor Advisory: https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/missing-authorization-checks-in-ni-veristand-gateway.html

Restart Required: Yes

Instructions:

1. Download NI VeriStand 2024 Q3 or later from NI website. 2. Install the update following NI's installation guide. 3. Restart the VeriStand system and verify the update.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate VeriStand Gateway from untrusted networks and restrict access to authorized systems only.

Disable File Transfer

windows

If File Transfer functionality is not required, disable it in VeriStand configuration.

🧯 If You Can't Patch

Implement strict network access controls to limit who can reach the VeriStand Gateway
Monitor for unauthorized file access attempts and implement additional authentication layers

🔍 How to Verify

Check if Vulnerable:

Check NI VeriStand version in the software interface or via Windows Programs and Features.

Check Version:

Check NI VeriStand version in Windows Control Panel > Programs and Features

Verify Fix Applied:

Verify installed version is 2024 Q3 or later and test File Transfer functionality with unauthorized access attempts.

📡 Detection & Monitoring

Log Indicators:

Unauthorized access attempts to File Transfer resources
Unexpected file operations from unauthenticated sources

Network Indicators:

Unusual traffic patterns to VeriStand Gateway File Transfer endpoints
File transfer requests from unauthorized IP addresses

SIEM Query:

source="veristand" AND (event="file_transfer" OR event="unauthorized_access")

📊 Metadata

CVE ID: CVE-2024-6805

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE: CWE-862

Published: July 22, 2024

Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-6805, you might also want to check these: