PT-2021-7260 · Keysight · Keysight N6854A Geo Location Server

Rgod · Published 2021-12-30 · Updated 2022-06-09 · CVE-2022-1660

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Keysight N6841A RF Sensor versions (affected versions not specified)
Keysight N6854A Geo-Location Server versions (affected versions not specified)

Description

The issue is the deserialization of untrusted data without prior authorization or authentication, which may allow a remote attacker to execute arbitrary code. It stems from a vulnerability in the implementation of the Spring Framework configuration in the firmware of the Keysight N6841A RF spectrum monitoring sensors and the firmware of the Keysight N6854A geo-location servers. The vulnerability is associated with reconstructing an untrusted data structure in memory.

Recommendations

For Keysight N6841A RF Sensor, there is currently no information about a newer version that contains a fix for this vulnerability.
For Keysight N6854A Geo-Location Server, there is currently no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Deserialization of Untrusted Data

Related Identifiers

BDU:2022-04559
CVE-2022-1660
ZDI-22-804

Affected Products

Keysight N6841A RF Sensor
Keysight N6854A Geo Location Server