Vulnerabilities > CVE-2023-4601 - Out-of-bounds Write vulnerability in NI System Configuration

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

CWE-787

critical

NVD

Published: 2023-10-18

Updated: 2023-10-28

Summary

A stack-based buffer overflow vulnerability exists in NI System Configuration that could result in information disclosure and/or arbitrary code execution. Successful exploitation requires that an attacker can provide a specially crafted response. This affects NI System Configuration 2023 Q3 and all previous versions.

Vulnerable Configurations

Part	Description	Count
Application	Ni NI System Configuration 5.5.1 NI System Configuration 5.6 NI System Configuration 14.0 NI System Configuration 14.0.1 NI System Configuration 14.5 NI System Configuration 15.0 NI System Configuration 15.3 NI System Configuration 16.0 NI System Configuration 16.0.1 NI System Configuration 17.0 NI System Configuration 17.5 NI System Configuration 18.0 NI System Configuration 18.1 NI System Configuration 18.5 NI System Configuration 19.0 NI System Configuration 19.5 NI System Configuration 20.0 NI System Configuration 20.5 NI System Configuration 21.0 NI System Configuration 21.5 NI System Configuration 2022 NI System Configuration 2023	23
OS	Microsoft Microsoft Windows -	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://www.ni.com/en/support/documentation/supplemental/23/stack-based-buffer-overflow-in-ni-system-configuration.html