Incorrect default permissions in the installation folder for NI LabVIEW Command Line Interface (CLI) may allow an authenticated user to potentially enable escalation of privilege via local access. This affects the 2022 Q3 release and all prior versions of the NI LabVIEW CLI software. This vulnerability is identified as CVE-2022-42718.
NI strongly recommends upgrading the affected software to fix this vulnerability. Refer to the Affected Products section to download the update. If upgrading is not possible, this issue may be mitigated using the following methods.
Using the command line:
Using Windows Explorer:
Product Version | Mitigation |
---|---|
NI LabVIEW CLI versions prior to 22.3.0* | Install NI LabVIEW CLI version 22.3.1 or later using NI Package Manager or here. |
CVE-2022-42718 – 6.7 - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
At NI, we view the security of our products as an important part of our commitment to our customers. Go to ni.com/security to stay informed and act upon security alerts and issues.
NI would like to thank Michael Kenney (@bzyo_) for reporting this issue and working with us on coordinated disclosure.