CVE-2023-36853

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jul 19, 2023

Updated: Nov 7, 2023

CWE ID 427

CWE ID 749

Summary

CVE-2023-36853 is a vulnerability affecting Keysight Geolocation Server versions 2.4.2 and older. An attacker with low privileges can create a malicious ZIP file in any location and upload it to the server. This file contains a script that, when processed, loads a DLL with SYSTEM privileges, enabling the attacker to gain elevated access and potentially execute unauthorized commands on the system. This vulnerability poses a significant risk and requires immediate patching to mitigate the threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Keysight Technologies Inc.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/r-20_I
https://www.cve.org/CVERecord?id=CVE-2023-36853
https://nvd.nist.gov/vuln/detail/CVE-2023-36853

Back to Vulnerability Database

CVE-2023-36853

CVSS 3.1 Score 7.8 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations