Keysight N8844A Data Analytics Web Service (Update A)

1. EXECUTIVE SUMMARY

• CVSS v3 9.8 *ATTENTION: Exploitable remotely/low attack complexity
• Vendor: Keysight
• Equipment: N8844A Data Analytics Web Service
• Vulnerability: Deserialization of Untrusted Data

2. RISK EVALUATION

Successful exploitation of this vulnerability could lead to remote code execution.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Keysight reports this vulnerability affects one or more products in the following groups. There are multiple fix dates in these product groups; users are encouraged to visit Keysight’s product lookup tool for details:

• N8844A Data Analytics Web Service: Version 2.1.7351 and prior
• 5G Test SW: all versions
• 89600 Vector Signal Analysis SW: versions prior to 6/20/2023
• Arbitrary Waveform Generators: all versions
• Automotive Compliance Apps: versions prior to 4/17/2023
• AXIe Embedded Controllers: versions prior to 6/2/2023
• BenchVue: all versions
• BERTs and Compliance Test SW: all versions
• Boundary Scan Analyzers: versions prior to 4/20/2023
• Component Analysis SW: versions prior to 4/22/2023
• Device Current Waveform Analyzers: versions prior to 4/20/2023
• ENA Network Analyzers: versions prior to 4/5/2023
• EXM Wireless Test: versions prior to 4/20/2023
• In-Circuit Parallel Testers: versions prior to 7/21/2023
• Infiniium Oscilloscopes: all versions
• InfiniiVision USB and PXIe Oscilloscope SW: versions prior to 4/17/2023
• Logic Analyzers: versions prior to 4/19/2023
• Massively Parallel Board Test Systems: all versions
• Multi-Band Vector Transceiver Solutions: all versions
• Multiport ECal SW: versions prior to 4/22/2023
• MXE EMI Test Receivers: all versions
• Noise Figure Analyzers: versions prior to 3/24/2023
• Open RAN Studio: versions prior to 4/21/2023
• Optical Modulation Analyzers: versions prior to 4/13/2023
• Oscilloscope Compliance Test SW: all versions
• PathWave Lab Operations for Connectivity: versions prior to 4/7/2023
• PathWave Measurement SW: versions prior to 3/24/2023
• PathWave Test Automation Platform (TAP): all versions
• Phase Noise Test System: versions prior to 3/15/2023
• PNA Network Analyzers: versions prior to 5/4/2023
• Precision Source/Measure Units: versions prior to 4/20/2023
• Propsim Channel Emulators: versions prior to 5/5/2023
• PXIe Embedded Controllers: versions prior to 5/12/2023
• PXIe Network Analyzers: all versions
• PXIe Signal Analyzers and Generators: all versions
• Radar Target Simulators: all versions
• Sampling Oscilloscope Compliance Test SW: all versions
• Signal Generation SW: all versions
• Signal Source Analyzers: versions prior to 7/7/2023
• USB Network Analyzers: versions prior to 4/22/2023
• UXM 5G Wireless Test: versions prior to 3/24/2023
• VXG Signal Generators: versions prior to 4/27/2023
• VXT PXIe Transceivers: all versions
• WaveJudge Wireless Analyzer Apps: versions prior to 4/5/2023
• X-Series Signal Analyzers: all versions

3.2 Vulnerability Overview

3.2.1 Deserialization of Untrusted Data CWE-502

Keysight N8844A Data Analytics Web Service deserializes untrusted data without sufficiently verifying the resulting data will be valid.

CVE-2023-1967 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

3.3 BACKGROUND

• CRITICAL INFRASTRUCTURE SECTORS: Communications, Government
• COUNTRIES/AREAS DEPLOYED: Worldwide
• COMPANY HEADQUARTERS LOCATION: United States

3.4 RESEARCHER

An anonymous researcher working with Trend Micro Zero Day Initiative reported this vulnerability to CISA.

4. MITIGATIONS

Keysight has developed a mitigation for supported Keysight products that contain this vulnerability. They recommend that users install the updated versions as soon as possible. Older versions of impacted software may have this vulnerability; Keysight recommends that users discontinue the use of these older versions and uninstall them. To check whether your products are impacted, and to get the latest versions, use the Keysight Product Lookup Tool.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:

• Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the Internet.
• Locate control system networks and remote devices behind firewalls and isolate them from business networks.
• When remote access is required, use secure methods, such as virtual private networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage at cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. These vulnerabilities are not exploitable remotely.

5. UPDATE HISTORY

• April 25, 2023: Initial Publication
• November 21, 2023: Update A - Added affected products and mitigations.