CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-1399 – KeySight N6841A RF Sensor LAHttpInvokerServiceExporter Deserialization of Untrusted Data Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-1399
27 Mar 2023 — N6854A Geolocation Server versions 2.4.2 are vulnerable to untrusted data deserialization, which may allow a malicious actor to escalate privileges in the affected device’s default configuration and achieve remote code execution. This vulnerability allows local attackers to escalate privileges on affected installations of KeySight N6841A RF Sensor. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists wi... • https://www.cisa.gov/news-events/ics-advisories/icsa-23-080-01 • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-1660 – Keysight N6854A Geolocation server and N6841A RF Sensor software
https://notcve.org/view.php?id=CVE-2022-1660
27 May 2022 — The affected products are vulnerable of untrusted data due to deserialization without prior authorization/authentication, which may allow an attacker to remotely execute arbitrary code. Los productos afectados son vulnerables de datos no confiables debido a la deserialización sin autorización/autenticación previa, lo que puede permitir a un atacante ejecutar remotamente código arbitrario This vulnerability allows remote attackers to execute arbitrary code on affected installations of KeySight N6841A RF Sens... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-146-01 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 9%CPEs: 4EXPL: 0CVE-2022-1661 – Keysight N6854A Geolocation server and N6841A RF Sensor software
https://notcve.org/view.php?id=CVE-2022-1661
27 May 2022 — The affected products are vulnerable to directory traversal, which may allow an attacker to obtain arbitrary operating system files. Los productos afectados son vulnerables a un salto de directorio, lo que puede permitir a un atacante obtener archivos arbitrarios del sistema operativo This vulnerability allows remote attackers to disclose sensitive information on affected installations of KeySight N6841A RF Sensor. Authentication is not required to exploit this vulnerability. The specific flaw exists within... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-146-01 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •