CVE-2023-34394

Summary

In Keysight Geolocation Server v2.4.2 and prior, an attacker could upload a specially crafted malicious file or delete any file or directory with SYSTEM privileges due to an improper path validation, which could result in local privilege escalation or a denial-of-service condition.

Affected Software

VendorProductVersion RangeStatus
Keysight TechnologiesN6845A Geolocation Server0 <= 2.4.2affected

Weaknesses

  • CWE-23: CWE-23 ​Relative Path Traversal

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References