Lucene search
AnonymousZDI-23-974HistoryJul 19, 2023 - 12:00 a.m.
KeySight N6841A RF Sensor removeLicenseFile Directory Traversal Local Privilege Escalation Vulnerability
2023-07-1900:00:00
Anonymous
www.zerodayinitiative.com
4
vulnerability
keysight n6841a
rf sensor
removelicensefile
directory traversal
local privilege escalation
exploitation
file operations
arbitrary code
system context
0.002 Low
EPSS
Percentile
51.5%
This vulnerability allows local attackers to escalate privileges on affected installations of KeySight N6841A RF Sensor. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the removeLicenseFile class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.
Related
prion
prion
Input validation
2023-07-19 22:15:00
cve
cve
CVE-2023-34394
2023-07-19 22:15:10
zdi
zdi
nvd
nvd
CVE-2023-34394
2023-07-19 22:15:10
cvelist
cvelist
CVE-2023-34394 Keysight N6845A Relative Path Traversal
2023-07-19 21:55:31
ics
ics
Keysight N6845A Geolocation Server
2023-07-18 12:00:00