Deserialization of Untrusted Data Vulnerability May Lead to Remote Code Execution
CVE-2024-4044

7.8HIGH

Key Information:

Vendor: Ni
Status: Flexlogger; Instrumentstudio
Vendor: CVE Published:; 14 May 2024

What is CVE-2024-4044?

A vulnerability exists in the common code utilized by NI FlexLogger and InstrumentStudio, specifically related to the deserialization of untrusted data. This flaw can potentially allow an attacker to perform remote code execution if the user inadvertently opens a specially crafted project file. The affected versions include NI FlexLogger 2024 Q1 and earlier, as well as NI InstrumentStudio 2024 Q1 and earlier.

Affected Version(s)

FlexLogger Windows 0 <= 24.1

InstrumentStudio Windows 0 <= 24.1

References

https://ni.com/r/CVE-2024-4044

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 14, 2024
Vulnerability Reserved
Apr 22, 2024

Credit

kimiya working with Trend Micro Zero Day Initiative

Ni

What is CVE-2024-4044?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit