CVE-2022-1661

Keysight N6854A Geolocation server and N6841A RF Sensor software

Description

The affected products are vulnerable to directory traversal, which may allow an attacker to obtain arbitrary operating system files.

Solution:

Keysight recommends users update N6854A and N6841A RF to v2.4.0 or later. Keysight also recommends users take the following actions to help reduce risk: Block incoming connection on TCP port number defined by environment variable KEYSIGHT_SMS_PORT (default: 8080)

Link	Tags
https://www.cisa.gov/uscert/ics/advisories/icsa-22-146-01	third party advisory us government resource

What is the severity of CVE-2022-1661?: CVE-2022-1661 has been scored as a high severity vulnerability.
How to fix CVE-2022-1661?: To fix CVE-2022-1661: Keysight recommends users update N6854A and N6841A RF to v2.4.0 or later. Keysight also recommends users take the following actions to help reduce risk: Block incoming connection on TCP port number defined by environment variable KEYSIGHT_SMS_PORT (default: 8080)
Is CVE-2022-1661 being actively exploited in the wild?: It is possible that CVE-2022-1661 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~4% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-1661?: CVE-2022-1661 affects Keysight N6854A Geolocation server and N6841A RF Sensor software.