CVSS: 7.5EPSS: 6%CPEs: 4EXPL: 0CVE-2022-1661 – Keysight N6854A Geolocation server and N6841A RF Sensor software
https://notcve.org/view.php?id=CVE-2022-1661
The affected products are vulnerable to directory traversal, which may allow an attacker to obtain arbitrary operating system files. Los productos afectados son vulnerables a un salto de directorio, lo que puede permitir a un atacante obtener archivos arbitrarios del sistema operativo This vulnerability allows remote attackers to disclose sensitive information on affected installations of KeySight N6841A RF Sensor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UserFirmwareRequestHandler class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose files in the context of SYSTEM. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-146-01 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-1660 – Keysight N6854A Geolocation server and N6841A RF Sensor software
https://notcve.org/view.php?id=CVE-2022-1660
The affected products are vulnerable of untrusted data due to deserialization without prior authorization/authentication, which may allow an attacker to remotely execute arbitrary code. Los productos afectados son vulnerables de datos no confiables debido a la deserialización sin autorización/autenticación previa, lo que puede permitir a un atacante ejecutar remotamente código arbitrario This vulnerability allows remote attackers to execute arbitrary code on affected installations of KeySight N6841A RF Sensor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of Spring Framework. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-146-01 • CWE-502: Deserialization of Untrusted Data •