Keysight N6845A Geolocation Server

Plan Patch7.8ICS-CERT ICSA-23-199-02Jul 18, 2023

Attack VectorLocal

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

The Keysight N6854A Geolocation Server versions 2.4.2 and earlier contain a path traversal vulnerability (CWE-23) and improper resource validation flaw (CWE-749) that allow a local attacker to escalate privileges and execute arbitrary code. Successful exploitation could result in privilege escalation, arbitrary code execution, or denial-of-service conditions. The vulnerabilities are not remotely exploitable and require local access to the server.

What this means

What could happen

An attacker with local access to the N6854A Geolocation Server could escalate privileges, execute arbitrary code, or disrupt geolocation services that may feed into network monitoring or asset tracking systems.

Who's at risk

Network monitoring teams and system integrators who operate Keysight N6854A Geolocation Servers in network management or asset tracking environments. The risk is primarily to organizations that allow development staff, contractors, or shared workstations local access to these servers.

How it could be exploited

An attacker must first gain local access to the N6854A server (e.g., via compromised workstation access, physical console access, or lateral movement from another system on the same network segment). Once local, the attacker can exploit path traversal (CWE-23) or improper resource validation (CWE-749) to escalate privileges and run arbitrary commands with elevated rights.

Prerequisites

Local access to the N6854A Geolocation Server
Low-privilege user account or local shell access
N6854A firmware version 2.4.2 or earlier

No authentication required for local exploitationLow complexity attack once local access is gainedNo patch available at time of advisory releaseHigh privilege escalation impact

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (1)

ProductAffected VersionsFix Status

N6854A Geolocation Server: <= 2.4.2≤ 2.4.22.4.3

Remediation & Mitigation

0/4

Do now

0/2

HARDENINGRestrict local console and SSH access to the N6854A to authorized engineering staff only; disable unnecessary local accounts

HARDENINGIsolate the N6854A Geolocation Server on a separate management network segment behind a firewall; block unnecessary inbound connections from business or untrusted networks

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade N6854A Geolocation Server to firmware version 2.4.3 or later

Long-term hardening

0/1

HARDENINGMonitor for unauthorized local login attempts to the N6854A using host-based logs or SIEM correlation

CVEs (2)

CVE-2023-36853 CVE-2023-34394

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/e0e4de21-f616-40dd-9ec5-56cbd50ccdf8