Buffer Overflow Vulnerability in NI I/O Trace Tool Could Lead to Arbitrary Code Execution
CVE-2024-5602

7.8HIGH

Key Information:

Vendor: Ni
Status: Io Trace Tool
Vendor: CVE Published:; 23 July 2024

What is CVE-2024-5602?

The vulnerability arises from a stack-based buffer overflow in the NI I/O Trace Tool, caused by a missing bounds check. This flaw can potentially allow an attacker to execute arbitrary code on the vulnerable system. Exploitation requires that the victim open a specially crafted nitrace file, which poses a significant risk to the integrity and security of systems using this tool. The NI I/O Trace Tool is part of the NI System Configuration utilities and is utilized widely in various NI software environments, including instances where it functions under the previous name NI Spy. Users are encouraged to review the NI Security Advisory for more information on affected versions and to implement necessary measures promptly.

Affected Version(s)

IO Trace Tool 0 <= 24.3

References

https://www.ni.com/en/support/security/available-critical...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 23, 2024
Vulnerability Reserved
Jun 3, 2024

Credit

Michael Heinzl working with CISA

Ni

What is CVE-2024-5602?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit