Unquoted Service Path in NI Service Locator

Overview

There is an unquoted service path vulnerability in NI Service Locator in versions prior to 18.0. This may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges. This vulnerability is tracked as CVE-2021-42563.

The NI Service Locator is installed with many NI products. This vulnerability applies to Windows systems only. Refer to the Mitigation Guidance section to identify the installed version of NI Service Locator and to upgrade or install the patch.

NI strongly recommends upgrading or applying the available patches.

Mitigation Guidance

To determine whether NI Service Locator is installed and to find its version:

  1. Navigate to <Program Files>\National Instruments\Shared\niSvcLoc\

    • Note: NI Service Locator is a 32-bit application. For 64-bit operating systems, 32-bit applications will be in Program Files (x86) by default, rather than Program Files.
       
  2. To see the version number, hover over the file niSvcLoc.exe, or right-click on the file and select Properties >> Details tab >> view the Product Version property.

If the version is prior to 18.0.0.49152 (18.0.0.0f0), users should install the patch as described below.

To install the patch:

  1. Download the ni-svcloc_20.0.0_offline.iso from the Downloads section of this page. 
  2. (Optional) Compare the attached MD5 hash of the file to the published hash.
  3. Distribute the .iso file to the Windows machine where you will install the patch.
  4. Mount the .iso file.
  5. Run the installer to install the patch.

Workarounds

NI strongly recommends applying the patch. However, if updating the application is not possible, the following workaround can be used as a temporary measure: manually edit ImagePath in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NiSvcLoc registry key to add quotes around the fully qualified path.
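The following audit helper is an added example, not NI code. It checks an ImagePath value for the unquoted-with-spaces condition, builds the quoted value the workaround calls for, and compares a Product Version against the 18.0.0.49152 threshold given above. The sample path combines the folder and file name from this advisory with an assumed C: drive letter, and the version string in the demo is constructed.

```python
import re

# Registry key and fixed version are taken from the advisory text.
SERVICE_KEY = r"SYSTEM\CurrentControlSet\Services\NiSvcLoc"
FIXED_VERSION = (18, 0, 0, 49152)
# Constructed sample value; the C: drive letter is an assumption.
SAMPLE_UNQUOTED = (r"C:\Program Files (x86)\National Instruments"
                   r"\Shared\niSvcLoc\niSvcLoc.exe")

def split_image_path(image_path):
    """Split an ImagePath value into (executable, arguments, was_quoted)."""
    value = image_path.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        if end == -1:
            raise ValueError("unterminated quote in ImagePath")
        return value[1:end], value[end + 1:].strip(), True
    # Unquoted: take everything up to the first ".exe" that ends a token.
    m = re.match(r"(.+?\.exe)(?:\s+(.*))?$", value, re.IGNORECASE)
    if not m:
        raise ValueError("no .exe found in ImagePath")
    return m.group(1), m.group(2) or "", False

def is_unquoted_with_spaces(image_path):
    """True when Windows would have to guess where the executable name ends."""
    exe, _args, quoted = split_image_path(image_path)
    return not quoted and " " in exe

def quoted_image_path(image_path):
    """Return the value with quotes around the fully qualified path."""
    exe, args, _quoted = split_image_path(image_path)
    return f'"{exe}"' + (f" {args}" if args else "")

def is_patched(product_version):
    """Compare a dotted Product Version against the advisory threshold."""
    parts = [int(p) for p in product_version.split(".")]
    return tuple(parts + [0] * (4 - len(parts))) >= FIXED_VERSION

def read_image_path():
    """Windows only: read the live ImagePath value from the registry."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, SERVICE_KEY) as key:
        return winreg.QueryValueEx(key, "ImagePath")[0]

if __name__ == "__main__":
    # Demo on constructed values; "17.5.0.49152" is a made-up older version.
    for value in (SAMPLE_UNQUOTED, quoted_image_path(SAMPLE_UNQUOTED)):
        print(is_unquoted_with_spaces(value), value)
    print(is_patched("17.5.0.49152"), is_patched("18.0.0.49152"))
```

On a Windows host, pass the result of read_image_path() to is_unquoted_with_spaces() to check the live value before and after applying the workaround.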

Affected Products

Product Version: NI Service Locator versions before 18.0.0*

Mitigation: Download the 20.0.0f0 patch. See the Downloads section.

CVSS Score

CVE-2021-42563 – 7.3 – CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Further Information

At NI, we view the security of our products as an important part of our commitment to our customers.  Go to ni.com/security to stay informed and act upon security alerts and issues.

Acknowledgements

NI would like to acknowledge the Lockheed Martin Red Team, among others, for reporting this issue and working with us on coordinated disclosure.