CVE-2023-34394 – Keysight N6845A Relative Path Traversal
https://notcve.org/view.php?id=CVE-2023-34394
In Keysight Geolocation Server v2.4.2 and prior, an attacker could upload a specially crafted malicious file or delete any file or directory with SYSTEM privileges due to an improper path validation, which could result in local privilege escalation or a denial-of-service condition. This vulnerability allows local attackers to escalate privileges on affected installations of KeySight N6841A RF Sensor. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the deleteEmbeddedApp function. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-02 • CWE-23: Relative Path Traversal CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2023-36853 – Keysight Geolocation Server Exposed Dangerous Method or Function
https://notcve.org/view.php?id=CVE-2023-36853
In Keysight Geolocation Server v2.4.2 and prior, a low privileged attacker could create a local ZIP file containing a malicious script in any location. The attacker could abuse this to load a DLL with SYSTEM privileges. This vulnerability allows local attackers to escalate privileges on affected installations of KeySight N6841A RF Sensor. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the smsRestoreDatabaseZip function. The issue results from an exposed dangerous function. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-02 • CWE-427: Uncontrolled Search Path Element CWE-749: Exposed Dangerous Method or Function •
CVE-2023-1967 – CVE-2023-1967
https://notcve.org/view.php?id=CVE-2023-1967
Keysight N8844A Data Analytics Web Service deserializes untrusted data without sufficiently verifying the resulting data will be valid. This vulnerability allows remote attackers to execute arbitrary code on affected installations of KeySight N8844A Data Analytics Web Service. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Unmarshal function. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-115-01 • CWE-502: Deserialization of Untrusted Data •
CVE-2023-1860 – Keysight IXIA Hawkeye licenses cross site scripting
https://notcve.org/view.php?id=CVE-2023-1860
A vulnerability was found in Keysight IXIA Hawkeye 3.3.16.28. It has been declared as problematic. This vulnerability affects unknown code of the file /licenses. The manipulation of the argument view with the input teste"><script>alert(%27c4ng4c3ir0%27)</script> leads to cross site scripting. The attack can be initiated remotely. • https://vuldb.com/?ctiid.224998 https://vuldb.com/?id.224998 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-1399 – KeySight N6841A RF Sensor LAHttpInvokerServiceExporter Deserialization of Untrusted Data Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-1399
N6854A Geolocation Server versions 2.4.2 are vulnerable to untrusted data deserialization, which may allow a malicious actor to escalate privileges in the affected device’s default configuration and achieve remote code execution. This vulnerability allows local attackers to escalate privileges on affected installations of KeySight N6841A RF Sensor. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the LAHttpInvokerServiceExporter class. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-080-01 • CWE-502: Deserialization of Untrusted Data •