Vulnerabilities > CVE-2022-1660 - Deserialization of Untrusted Data vulnerability in Keysight N6841A RF Firmware and N6854A Firmware

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

keysight

CWE-502

critical

NVD

Published: 2022-06-02

Updated: 2022-06-09

Summary

The affected products are vulnerable of untrusted data due to deserialization without prior authorization/authentication, which may allow an attacker to remotely execute arbitrary code.

Vulnerable Configurations

Part	Description	Count
OS	Keysight Keysight N6854A Firmware * Keysight N6841A RF Firmware *	2
Hardware	Keysight Keysight N6854A - Keysight N6841A RF -	2

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-146-01