Lucene search
Steven Seeley (mr_me) of Source InciteZDI-23-976HistoryJul 19, 2023 - 12:00 a.m.
KeySight N6841A RF Sensor addFirmwarePackage Directory Traversal Local Privilege Escalation Vulnerability
2023-07-1900:00:00
Steven Seeley (mr_me) of Source Incite
www.zerodayinitiative.com
3
keysight n6841a
rf sensor
local privilege escalation
directory traversal
firmwarepackage
validation
user-supplied path
arbitrary code
system
0.002 Low
EPSS
Percentile
51.5%
This vulnerability allows local attackers to escalate privileges on affected installations of KeySight N6841A RF Sensor. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the addFirmwarePackage function. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.
Related
prion
prion
Input validation
2023-07-19 22:15:00
zdi
zdi
cve
cve
CVE-2023-34394
2023-07-19 22:15:10
nvd
nvd
CVE-2023-34394
2023-07-19 22:15:10
cvelist
cvelist
CVE-2023-34394 Keysight N6845A Relative Path Traversal
2023-07-19 21:55:31
ics
ics
Keysight N6845A Geolocation Server
2023-07-18 12:00:00