CVE-2024-6806 – CVE-2024-6806 is a critical authorization bypas... (How to Fix)

Q: What is the severity of CVE-2024-6806?

CVE-2024-6806 has a CVSS score of 9.8 (CRITICAL). CVE-2024-6806 is a critical authorization bypass vulnerability in NI VeriStand Gateway that allows unauthorized actors to access project resources. This missing authorization check can lead to remote code execution. The vulnerability affects NI VeriStand 2024 Q2 and all prior versions.

📋 TL;DR

CVE-2024-6806 is a critical authorization bypass vulnerability in NI VeriStand Gateway that allows unauthorized actors to access project resources. This missing authorization check can lead to remote code execution. The vulnerability affects NI VeriStand 2024 Q2 and all prior versions.

💻 Affected Systems

Products:

NI VeriStand Gateway

Versions: 2024 Q2 and all prior versions

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Affects all installations of NI VeriStand with the Gateway component enabled.

📦 What is this software?

Veristand by Ni

View all CVEs affecting Veristand →

Veristand by Ni

View all CVEs affecting Veristand →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise through remote code execution, allowing attackers to execute arbitrary code with system privileges, potentially leading to data theft, system destruction, or lateral movement.

🟠

Likely Case

Unauthorized access to sensitive project resources and configuration data, with potential for privilege escalation to remote code execution.

🟢

If Mitigated

Limited to unauthorized data access if proper network segmentation and access controls prevent exploitation attempts.

🌐 Internet-Facing: HIGH

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

The vulnerability requires no authentication and has a simple exploitation path due to missing authorization checks.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: NI VeriStand 2024 Q3 or later

Vendor Advisory: https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/missing-authorization-checks-in-ni-veristand-gateway.html

Restart Required: Yes

Instructions:

1. Download NI VeriStand 2024 Q3 or later from NI website. 2. Run the installer. 3. Follow installation prompts. 4. Restart the system after installation completes.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate NI VeriStand Gateway systems from untrusted networks and internet access.

Access Control Lists

all

Implement strict firewall rules to limit access to NI VeriStand Gateway ports.

🧯 If You Can't Patch

Disable NI VeriStand Gateway component if not required
Implement network segmentation and strict access controls to limit exposure

🔍 How to Verify

Check if Vulnerable:

Check NI VeriStand version in About dialog or registry: HKEY_LOCAL_MACHINE\SOFTWARE\National Instruments\VeriStand\Version

Check Version:

reg query "HKEY_LOCAL_MACHINE\SOFTWARE\National Instruments\VeriStand" /v Version

Verify Fix Applied:

Verify version is 2024 Q3 or later and check vendor advisory for specific patch verification steps.

📡 Detection & Monitoring

Log Indicators:

Unauthorized access attempts to project resources
Unexpected process execution from NI VeriStand Gateway

Network Indicators:

Unusual network traffic to/from NI VeriStand Gateway ports
Unauthorized API calls to Gateway endpoints

SIEM Query:

source="NI_VeriStand" AND (event_type="unauthorized_access" OR process_execution="suspicious")

📊 Metadata

CVE ID: CVE-2024-6806

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-862

Published: July 22, 2024

Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-6806, you might also want to check these: