Action not permitted
Modal body text goes here.
cve-2023-1967
Vulnerability from cvelistv5
Published
2023-04-27 21:37
Modified
2024-08-02 06:05
Severity ?
EPSS score ?
Summary
CVE-2023-1967
References
▼ | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://www.cisa.gov/news-events/ics-advisories/icsa-23-115-01 | Third Party Advisory, US Government Resource |
Impacted products
▼ | Vendor | Product |
---|---|---|
Keysight | N8844A Data Analytics Web Service |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:05:27.093Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-115-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "N8844A Data Analytics Web Service", "vendor": "Keysight", "versions": [ { "lessThanOrEqual": "2.1.7351", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Keysight N8844A Data Analytics Web Service deserializes untrusted data without sufficiently verifying the resulting data will be valid. " } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-502 Deserialization of Untrusted Data", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-27T21:37:05.110Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-115-01" } ], "source": { "discovery": "UNKNOWN" }, "title": "CVE-2023-1967", "x_generator": { "engine": "VINCE 2.0.7", "env": "prod", "origin": "https://cveawg.mitre.org/api/cve/CVE-2023-1967" } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2023-1967", "datePublished": "2023-04-27T21:37:05.110Z", "dateReserved": "2023-04-10T14:51:04.971Z", "dateUpdated": "2024-08-02T06:05:27.093Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2023-1967\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2023-04-27T22:15:09.187\",\"lastModified\":\"2023-11-07T04:05:35.670\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Keysight N8844A Data Analytics Web Service deserializes untrusted data without sufficiently verifying the resulting data will be valid. \"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:keysight:n8844a:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.1.7351\",\"matchCriteriaId\":\"4A1836E6-7210-40CE-AC6E-9276AFD17774\"}]}]}],\"references\":[{\"url\":\"https://www.cisa.gov/news-events/ics-advisories/icsa-23-115-01\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}" } }
gsd-2023-1967
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
Keysight N8844A Data Analytics Web Service deserializes untrusted data without sufficiently verifying the resulting data will be valid.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2023-1967", "id": "GSD-2023-1967" }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2023-1967" ], "details": "Keysight N8844A Data Analytics Web Service deserializes untrusted data without sufficiently verifying the resulting data will be valid. ", "id": "GSD-2023-1967", "modified": "2023-12-13T01:20:41.623637Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2023-1967", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "N8844A Data Analytics Web Service", "version": { "version_data": [ { "version_affected": "\u003c=", "version_name": "0", "version_value": "2.1.7351" } ] } } ] }, "vendor_name": "Keysight" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Keysight N8844A Data Analytics Web Service deserializes untrusted data without sufficiently verifying the resulting data will be valid. " } ] }, "generator": { "engine": "VINCE 2.0.7", "env": "prod", "origin": "https://cveawg.mitre.org/api/cve/CVE-2023-1967" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-502 Deserialization of Untrusted Data" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-115-01", "refsource": "MISC", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-115-01" } ] }, "source": { "discovery": "UNKNOWN" } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:keysight:n8844a:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.1.7351", "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2023-1967" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "Keysight N8844A Data Analytics Web Service deserializes untrusted data without sufficiently verifying the resulting data will be valid. " } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-502" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-115-01", "refsource": "MISC", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-115-01" } ] } }, "impact": { "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9 } }, "lastModifiedDate": "2023-05-05T17:14Z", "publishedDate": "2023-04-27T22:15Z" } } }
ghsa-rh47-6j8g-cr2x
Vulnerability from github
Published
2023-04-28 00:30
Modified
2024-04-04 03:43
Severity ?
Details
Keysight N8844A Data Analytics Web Service deserializes untrusted data without sufficiently verifying the resulting data will be valid.
{ "affected": [], "aliases": [ "CVE-2023-1967" ], "database_specific": { "cwe_ids": [ "CWE-502" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2023-04-27T22:15:09Z", "severity": "CRITICAL" }, "details": "Keysight N8844A Data Analytics Web Service deserializes untrusted data without sufficiently verifying the resulting data will be valid. ", "id": "GHSA-rh47-6j8g-cr2x", "modified": "2024-04-04T03:43:08Z", "published": "2023-04-28T00:30:28Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1967" }, { "type": "WEB", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-115-01" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }
icsa-23-115-01
Vulnerability from csaf_cisa
Published
2023-04-25 06:00
Modified
2023-11-21 07:00
Summary
Keysight N8844A Data Analytics Web Service (Update A)
Notes
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation
Successful exploitation of this vulnerability could lead to remote code execution.
Critical infrastructure sectors
Communications, Government
Countries/areas deployed
Worldwide
Company headquarters location
United States
Recommended Practices
CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:
Recommended Practices
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the Internet.
Recommended Practices
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices
When remote access is required, use secure methods, such as virtual private networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
CISA also provides a section for control systems security recommended practices on the ICS webpage at cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
Recommended Practices
No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.
{ "document": { "acknowledgments": [ { "names": [ "An anonymous researcher" ], "organization": "Trend Micro Zero Day Initiative", "summary": "reporting this vulnerability to CISA" } ], "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Disclosure is not limited", "tlp": { "label": "WHITE", "url": "https://us-cert.cisa.gov/tlp/" } }, "lang": "en-US", "notes": [ { "category": "legal_disclaimer", "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.", "title": "Legal Notice" }, { "category": "summary", "text": "Successful exploitation of this vulnerability could lead to remote code execution. ", "title": "Risk evaluation" }, { "category": "other", "text": "Communications, Government", "title": "Critical infrastructure sectors" }, { "category": "other", "text": "Worldwide", "title": "Countries/areas deployed" }, { "category": "other", "text": "United States", "title": "Company headquarters location" }, { "category": "general", "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:", "title": "Recommended Practices" }, { "category": "general", "text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the Internet.", "title": "Recommended Practices" }, { "category": "general", "text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.", "title": "Recommended Practices" }, { "category": "general", "text": "When remote access is required, use secure methods, such as virtual private networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.", "title": "Recommended Practices" }, { "category": "general", "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.", "title": "Recommended Practices" }, { "category": "general", "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage at cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.", "title": "Recommended Practices" }, { "category": "general", "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.", "title": "Recommended Practices" }, { "category": "general", "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.", "title": "Recommended Practices" }, { "category": "general", "text": "No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.", "title": "Recommended Practices" } ], "publisher": { "category": "coordinator", "contact_details": "central@cisa.dhs.gov", "name": "CISA", "namespace": "https://www.cisa.gov/" }, "references": [ { "category": "self", "summary": "ICS Advisory ICSA-23-115-01 JSON", "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2023/icsa-23-115-01.json" }, { "category": "self", "summary": "ICSA Advisory ICSA-23-115-01 - Web Version", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-115-01" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01" }, { "category": "external", "summary": "Recommended Practices", "url": "https://us-cert.cisa.gov/ics/Recommended-Practices" }, { "category": "external", "summary": "Recommended Practices", "url": "https://cisa.gov/ics" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/topics/industrial-control-systems" }, { "category": "external", "summary": "Recommended Practices", "url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B" } ], "title": "Keysight N8844A Data Analytics Web Service (Update A)", "tracking": { "current_release_date": "2023-11-21T07:00:00.000000Z", "generator": { "engine": { "name": "CISA CSAF Generator", "version": "1.0.0" } }, "id": "ICSA-23-115-01", "initial_release_date": "2023-04-25T06:00:00.000000Z", "revision_history": [ { "date": "2023-04-25T06:00:00.000000Z", "legacy_version": "Initial", "number": "1", "summary": "Initial Publication" }, { "date": "2023-11-21T07:00:00.000000Z", "legacy_version": "Update A", "number": "2", "summary": "Update A - Added affected products and mitigations." } ], "status": "final", "version": "2" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003c=2.1.7351", "product": { "name": "N8844A Data Analytics Web Service: \u003c=2.1.7351", "product_id": "CSAFPID-0001" } } ], "category": "product_name", "name": "N8844A Data Analytics Web Service" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "5G Test SW: vers:all/*", "product_id": "CSAFPID-0002" } } ], "category": "product_name", "name": "5G Test SW" }, { "branches": [ { "category": "product_version_range", "name": "\u003cJune/20/2023", "product": { "name": "89600 Vector Signal Analysis SW: \u003cJune/20/2023", "product_id": "CSAFPID-0003" } } ], "category": "product_name", "name": "89600 Vector Signal Analysis SW" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "Arbitrary Waveform Generators: vers:all/*", "product_id": "CSAFPID-0004" } } ], "category": "product_name", "name": "Arbitrary Waveform Generators" }, { "branches": [ { "category": "product_version_range", "name": "\u003cApril/17/2023", "product": { "name": "Automotive Compliance Apps: \u003cApril/17/2023", "product_id": "CSAFPID-0005" } } ], "category": "product_name", "name": "Automotive Compliance Apps" }, { "branches": [ { "category": "product_version_range", "name": "\u003cJune/2/2023", "product": { "name": "AXIe Embedded Controllers: \u003cJune/2/2023", "product_id": "CSAFPID-0006" } } ], "category": "product_name", "name": "AXIe Embedded Controllers" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "BenchVue: vers:all/*", "product_id": "CSAFPID-0007" } } ], "category": "product_name", "name": "BenchVue" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "BERTs and Compliance Test SW: vers:all/*", "product_id": "CSAFPID-0008" } } ], "category": "product_name", "name": "BERTs and Compliance Test SW" }, { "branches": [ { "category": "product_version_range", "name": "\u003cApril/20/2023", "product": { "name": "Boundary Scan Analyzers: \u003cApril/20/2023", "product_id": "CSAFPID-0009" } } ], "category": "product_name", "name": "Boundary Scan Analyzers" }, { "branches": [ { "category": "product_version_range", "name": "\u003cApril/22/2023", "product": { "name": "Component Analysis SW: \u003cApril/22/2023", "product_id": "CSAFPID-0010" } } ], "category": "product_name", "name": "Component Analysis SW" }, { "branches": [ { "category": "product_version_range", "name": "\u003cApril/20/2023", "product": { "name": "Device Current Waveform Analyzers: \u003cApril/20/2023", "product_id": "CSAFPID-0011" } } ], "category": "product_name", "name": "Device Current Waveform Analyzers" }, { "branches": [ { "category": "product_version_range", "name": "\u003cApril/5/2023", "product": { "name": "ENA Network Analyzers: \u003cApril/5/2023", "product_id": "CSAFPID-0012" } } ], "category": "product_name", "name": "ENA Network Analyzers" }, { "branches": [ { "category": "product_version_range", "name": "\u003cApril/20/2023", "product": { "name": "EXM Wireless Test: \u003cApril/20/2023", "product_id": "CSAFPID-0013" } } ], "category": "product_name", "name": "EXM Wireless Test" }, { "branches": [ { "category": "product_version_range", "name": "\u003cJuly/21/2023", "product": { "name": "In-Circuit Parallel Testers: \u003cJuly/21/2023", "product_id": "CSAFPID-0014" } } ], "category": "product_name", "name": "In-Circuit Parallel Testers" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "Infiniium Oscilloscopes: vers:all/*", "product_id": "CSAFPID-0015" } } ], "category": "product_name", "name": "Infiniium Oscilloscopes" }, { "branches": [ { "category": "product_version_range", "name": "\u003cApril/17/2023", "product": { "name": "InfiniiVision USB and PXIe Oscilloscope SW: \u003cApril/17/2023", "product_id": "CSAFPID-0016" } } ], "category": "product_name", "name": "InfiniiVision USB and PXIe Oscilloscope SW" }, { "branches": [ { "category": "product_version_range", "name": "\u003cApril/19/2023", "product": { "name": "Logic Analyzers: \u003cApril/19/2023", "product_id": "CSAFPID-0017" } } ], "category": "product_name", "name": "Logic Analyzers" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "Massively Parallel Board Test Systems: vers:all/*", "product_id": "CSAFPID-0018" } } ], "category": "product_name", "name": "Massively Parallel Board Test Systems" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "Multi-Band Vector Transceiver Solutions: vers:all/*", "product_id": "CSAFPID-0019" } } ], "category": "product_name", "name": "Multi-Band Vector Transceiver Solutions" }, { "branches": [ { "category": "product_version_range", "name": "\u003cApril/22/2023", "product": { "name": "Multiport ECal SW: \u003cApril/22/2023", "product_id": "CSAFPID-0020" } } ], "category": "product_name", "name": "Multiport ECal SW" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "MXE EMI Test Receivers: vers:all/*", "product_id": "CSAFPID-0021" } } ], "category": "product_name", "name": "MXE EMI Test Receivers" }, { "branches": [ { "category": "product_version_range", "name": "\u003cMarch/24/2023", "product": { "name": "Noise Figure Analyzers: \u003cMarch/24/2023", "product_id": "CSAFPID-0022" } } ], "category": "product_name", "name": "Noise Figure Analyzers" }, { "branches": [ { "category": "product_version_range", "name": "\u003cApril/21/2023", "product": { "name": "Open RAN Studio: \u003cApril/21/2023", "product_id": "CSAFPID-0023" } } ], "category": "product_name", "name": "Open RAN Studio" }, { "branches": [ { "category": "product_version_range", "name": "\u003cApril/13/2023", "product": { "name": "Optical Modulation Analyzers: \u003cApril/13/2023", "product_id": "CSAFPID-0024" } } ], "category": "product_name", "name": "Optical Modulation Analyzers" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "Oscilloscope Compliance Test SW: vers:all/*", "product_id": "CSAFPID-0025" } } ], "category": "product_name", "name": "Oscilloscope Compliance Test SW" }, { "branches": [ { "category": "product_version_range", "name": "\u003cApril/7/2023", "product": { "name": "PathWave Lab Operations for Connectivity: \u003cApril/7/2023", "product_id": "CSAFPID-0026" } } ], "category": "product_name", "name": "PathWave Lab Operations for Connectivity" }, { "branches": [ { "category": "product_version_range", "name": "\u003cMarch/24/2023", "product": { "name": "PathWave Measurement SW: \u003cMarch/24/2023", "product_id": "CSAFPID-0027" } } ], "category": "product_name", "name": "PathWave Measurement SW" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "PathWave Test Automation Platform (TAP): vers:all/*", "product_id": "CSAFPID-0028" } } ], "category": "product_name", "name": "PathWave Test Automation Platform (TAP)" }, { "branches": [ { "category": "product_version_range", "name": "\u003cMarch/15/2023", "product": { "name": "Phase Noise Test System: \u003cMarch/15/2023", "product_id": "CSAFPID-0029" } } ], "category": "product_name", "name": "Phase Noise Test System" }, { "branches": [ { "category": "product_version_range", "name": "\u003cMay/4/2023", "product": { "name": "PNA Network Analyzers: \u003cMay/4/2023", "product_id": "CSAFPID-0030" } } ], "category": "product_name", "name": "PNA Network Analyzers" }, { "branches": [ { "category": "product_version_range", "name": "\u003cApril/20/2023", "product": { "name": "Precision Source/Measure Units: \u003cApril/20/2023", "product_id": "CSAFPID-0031" } } ], "category": "product_name", "name": "Precision Source/Measure Units" }, { "branches": [ { "category": "product_version_range", "name": "\u003cMay/5/2023", "product": { "name": "Propsim Channel Emulators: \u003cMay/5/2023", "product_id": "CSAFPID-0032" } } ], "category": "product_name", "name": "Propsim Channel Emulators" }, { "branches": [ { "category": "product_version_range", "name": "\u003cMay/12/2023", "product": { "name": "PXIe Embedded Controllers: \u003cMay/12/2023", "product_id": "CSAFPID-0033" } } ], "category": "product_name", "name": "PXIe Embedded Controllers" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "PXIe Network Analyzers: vers:all/*", "product_id": "CSAFPID-0034" } } ], "category": "product_name", "name": "PXIe Network Analyzers" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "PXIe Signal Analyzers and Generators: vers:all/*", "product_id": "CSAFPID-0035" } } ], "category": "product_name", "name": "PXIe Signal Analyzers and Generators" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "Radar Target Simulators: vers:all/*", "product_id": "CSAFPID-0036" } } ], "category": "product_name", "name": "Radar Target Simulators" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "Sampling Oscilloscope Compliance Test SW: vers:all/*", "product_id": "CSAFPID-0037" } } ], "category": "product_name", "name": "Sampling Oscilloscope Compliance Test SW" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "Signal Generation SW: vers:all/*", "product_id": "CSAFPID-0038" } } ], "category": "product_name", "name": "Signal Generation SW" }, { "branches": [ { "category": "product_version_range", "name": "\u003cJuly/7/2023", "product": { "name": "Signal Source Analyzers: \u003cJuly/7/2023", "product_id": "CSAFPID-0039" } } ], "category": "product_name", "name": "Signal Source Analyzers" }, { "branches": [ { "category": "product_version_range", "name": "\u003cApril/22/2023", "product": { "name": "USB Network Analyzers: \u003cApril/22/2023", "product_id": "CSAFPID-0040" } } ], "category": "product_name", "name": "USB Network Analyzers" }, { "branches": [ { "category": "product_version_range", "name": "\u003cMarch/24/2023", "product": { "name": "UXM 5G Wireless Test: \u003cMarch/24/2023", "product_id": "CSAFPID-0041" } } ], "category": "product_name", "name": "UXM 5G Wireless Test" }, { "branches": [ { "category": "product_version_range", "name": "\u003cApril/27/2023", "product": { "name": "VXG Signal Generators: \u003cApril/27/2023", "product_id": "CSAFPID-0042" } } ], "category": "product_name", "name": "VXG Signal Generators" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "VXT PXIe Transceivers: vers:all/*", "product_id": "CSAFPID-0043" } } ], "category": "product_name", "name": "VXT PXIe Transceivers" }, { "branches": [ { "category": "product_version_range", "name": "\u003cApril/5/2023", "product": { "name": "WaveJudge Wireless Analyzer Apps: \u003cApril/5/2023", "product_id": "CSAFPID-0044" } } ], "category": "product_name", "name": "WaveJudge Wireless Analyzer Apps" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "X-Series Signal Analyzers: vers:all/*", "product_id": "CSAFPID-0045" } } ], "category": "product_name", "name": "X-Series Signal Analyzers" } ], "category": "vendor", "name": "Keysight " } ] }, "vulnerabilities": [ { "cve": "CVE-2023-1967", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "notes": [ { "category": "summary", "text": "Keysight N8844A Data Analytics Web Service deserializes untrusted data without sufficiently verifying the resulting data will be valid. ", "title": "Vulnerability Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-0010", "CSAFPID-0011", "CSAFPID-0012", "CSAFPID-0013", "CSAFPID-0014", "CSAFPID-0015", "CSAFPID-0016", "CSAFPID-0017", "CSAFPID-0018", "CSAFPID-0019", "CSAFPID-0020", "CSAFPID-0021", "CSAFPID-0022", "CSAFPID-0023", "CSAFPID-0024", "CSAFPID-0025", "CSAFPID-0026", "CSAFPID-0027", "CSAFPID-0028", "CSAFPID-0029", "CSAFPID-0030", "CSAFPID-0031", "CSAFPID-0032", "CSAFPID-0033", "CSAFPID-0034", "CSAFPID-0035", "CSAFPID-0036", "CSAFPID-0037", "CSAFPID-0038", "CSAFPID-0039", "CSAFPID-0040", "CSAFPID-0041", "CSAFPID-0042", "CSAFPID-0043", "CSAFPID-0044", "CSAFPID-0045" ] }, "references": [ { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1967" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "remediations": [ { "category": "mitigation", "details": "Keysight has developed a mitigation for supported Keysight products that contain this vulnerability. They recommend that users install the updated versions as soon as possible. Older versions of impacted software may have this vulnerability; Keysight recommends that users discontinue the use of these older versions and uninstall them. To check whether your products are impacted, and to get the latest versions, use the Keysight Product Lookup Tool", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-0010", "CSAFPID-0011", "CSAFPID-0012", "CSAFPID-0013", "CSAFPID-0014", "CSAFPID-0015", "CSAFPID-0016", "CSAFPID-0017", "CSAFPID-0018", "CSAFPID-0019", "CSAFPID-0020", "CSAFPID-0021", "CSAFPID-0022", "CSAFPID-0023", "CSAFPID-0024", "CSAFPID-0025", "CSAFPID-0026", "CSAFPID-0027", "CSAFPID-0028", "CSAFPID-0029", "CSAFPID-0030", "CSAFPID-0031", "CSAFPID-0032", "CSAFPID-0033", "CSAFPID-0034", "CSAFPID-0035", "CSAFPID-0036", "CSAFPID-0037", "CSAFPID-0038", "CSAFPID-0039", "CSAFPID-0040", "CSAFPID-0041", "CSAFPID-0042", "CSAFPID-0043", "CSAFPID-0044", "CSAFPID-0045" ], "url": "https://www.keysight.com/us/en/about/quality-and-security/security/product-and-solution-cyber-security/security-advisory-archive/security-advisory--cve-2023-1967.html" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-0010", "CSAFPID-0011", "CSAFPID-0012", "CSAFPID-0013", "CSAFPID-0014", "CSAFPID-0015", "CSAFPID-0016", "CSAFPID-0017", "CSAFPID-0018", "CSAFPID-0019", "CSAFPID-0020", "CSAFPID-0021", "CSAFPID-0022", "CSAFPID-0023", "CSAFPID-0024", "CSAFPID-0025", "CSAFPID-0026", "CSAFPID-0027", "CSAFPID-0028", "CSAFPID-0029", "CSAFPID-0030", "CSAFPID-0031", "CSAFPID-0032", "CSAFPID-0033", "CSAFPID-0034", "CSAFPID-0035", "CSAFPID-0036", "CSAFPID-0037", "CSAFPID-0038", "CSAFPID-0039", "CSAFPID-0040", "CSAFPID-0041", "CSAFPID-0042", "CSAFPID-0043", "CSAFPID-0044", "CSAFPID-0045" ] } ] } ] }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.