CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-1660 – Keysight N6854A Geolocation server and N6841A RF Sensor software
https://notcve.org/view.php?id=CVE-2022-1660
27 May 2022 — The affected products are vulnerable of untrusted data due to deserialization without prior authorization/authentication, which may allow an attacker to remotely execute arbitrary code. Los productos afectados son vulnerables de datos no confiables debido a la deserialización sin autorización/autenticación previa, lo que puede permitir a un atacante ejecutar remotamente código arbitrario This vulnerability allows remote attackers to execute arbitrary code on affected installations of KeySight N6841A RF Sens... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-146-01 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 9%CPEs: 4EXPL: 0CVE-2022-1661 – Keysight N6854A Geolocation server and N6841A RF Sensor software
https://notcve.org/view.php?id=CVE-2022-1661
27 May 2022 — The affected products are vulnerable to directory traversal, which may allow an attacker to obtain arbitrary operating system files. Los productos afectados son vulnerables a un salto de directorio, lo que puede permitir a un atacante obtener archivos arbitrarios del sistema operativo This vulnerability allows remote attackers to disclose sensitive information on affected installations of KeySight N6841A RF Sensor. Authentication is not required to exploit this vulnerability. The specific flaw exists within... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-146-01 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •