OTPulse
FeedAboutContact

Keysight N6845A Geolocation Server

Plan Patch7.8ICS-CERT ICSA-23-080-01Mar 29, 2023
Attack VectorLocal
Auth RequiredLow
ComplexityLow
User InteractionNone needed
Summary

A privilege escalation vulnerability in the N6854A Geolocation Server (version 2.4.2 and earlier) allows a local attacker with user-level access to escalate privileges and achieve remote code execution. An attacker could run arbitrary commands, delete system files, or alter device configuration. Keysight has released version 2.4.3 as a fix.

What this means
What could happen
An attacker with local access to the Geolocation Server could escalate their privileges and execute arbitrary commands, potentially altering system configuration, deleting critical files, or disrupting geolocation services that may support network monitoring or location-based operations.
Who's at risk
Keysight N6854A Geolocation Server operators who use this device for network geolocation, monitoring, or location-aware operations should prioritize this issue. This affects organizations in telecommunications, aerospace, defense, and other sectors that rely on Keysight RF and microwave test equipment for location services.
How it could be exploited
An attacker with local shell access to the N6854A Geolocation Server (or who has gained initial local access through another means) could exploit a privilege escalation vulnerability to run commands with elevated privileges. The attack requires local access to the device; it cannot be performed remotely over the network.
Prerequisites
  • Local command-line or shell access to the N6854A Geolocation Server
  • User-level privileges on the affected device
  • Physical or direct network access (not remotely exploitable)
Local access required for exploitation (not remotely exploitable)Privilege escalation capabilityLow complexity attackDefault configuration affectedNo patch available yet from vendor
Exploitability
Low exploit probability (EPSS 0.6%)
Affected products (1)
ProductAffected VersionsFix Status
N6854A Geolocation Server:≤ 2.4.22.4.3
Remediation & Mitigation
0/4
Do now
0/1
WORKAROUNDRestrict local access to the N6854A Geolocation Server—limit command-line access to authorized personnel and disable unnecessary local accounts
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade N6854A Geolocation Server firmware to version 2.4.3 or later during a maintenance window
Long-term hardening
0/2
HARDENINGIsolate the Geolocation Server from business networks and restrict access from engineering workstations
HARDENINGImplement physical access controls to the device and its network connection
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/e1988270-139e-4c46-89b3-7d2a52f92a5e