CVE-2023-4570: 
Python vulnerability analysis and mitigation

An improper access restriction vulnerability (CVE-2023-4570) was discovered in NI MeasurementLink Python services, affecting version 1.1.0 of the ni-measurementlink-service Python package and all previous versions. The vulnerability was disclosed on October 5, 2023, and allows attackers on adjacent networks to access services that were intended to be restricted to localhost only (NVD, Vendor Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The technical assessment indicates that the vulnerability requires adjacent network access, has low attack complexity, needs no privileges or user interaction, and can potentially impact confidentiality, integrity, and availability at high levels (NVD).

The vulnerability exposes services that were intended to be restricted to localhost, potentially allowing attackers on adjacent networks to access these services. This could lead to high impacts on confidentiality, integrity, and availability of the affected systems (Vendor Advisory).

NI strongly recommends upgrading to ni-measurementlink-service version 1.1.1 or later. The mitigation process involves terminating all measurement service processes, upgrading the ni-measurementlink-service Python package for each measurement plug-in project, updating dependency files, rebuilding virtual environments, and reinstalling updated measurement plug-ins to the MeasurementLink static registration directory (Vendor Advisory).