Keysight · Keysight Geolocation Server · CVE-2023-36853
**Name of the Vulnerable Software and Affected Versions**
Keysight Geolocation Server versions 2.4.2 and prior
**Description**
A low-privileged attacker could create a local ZIP file containing a malicious script in any location, which could be abused to load a DLL with SYSTEM privileges. The vulnerability is related to the use of dangerous methods or functions.
**Recommendations**
For Keysight Geolocation Server versions 2.4.2 and prior, consider restricting access to the ZIP file creation functionality to prevent exploitation until a patch is available. As a temporary workaround, avoid using the affected functionality that allows loading DLLs with SYSTEM privileges. At the moment, there is no information about a newer version that contains a fix for this vulnerability.