Home

Description

A deserialization of untrusted data vulnerability exists in common code used by FlexLogger and InstrumentStudio that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects NI FlexLogger 2024 Q1 and prior versions as well as NI InstrumentStudio 2024 Q1 and prior versions.

PUBLISHED Reserved 2024-04-22 | Published 2024-05-10 | Updated 2024-08-01 | Assigner NI




HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-502 Deserialization of Untrusted Data

Product status

Default status
unaffected

Any version
affected

Default status
unaffected

Any version
affected

Credits

kimiya working with Trend Micro Zero Day Initiative reporter

References

ni.com/r/CVE-2024-4044

ni.com/r/CVE-2024-4044

cve.org (CVE-2024-4044)

nvd.nist.gov (CVE-2024-4044)

Download JSON