CVE-2022-38129
published 2022-08-10

Priority: P277
CVSS 3.1: 9.8 (critical), vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 18.38% (96.9th percentile)
A path traversal vulnerability exists in the com.keysight.tentacle.licensing.LicenseManager.addLicenseFile() method in the Keysight Sensor Management Server (SMS). This allows an unauthenticated remote attacker to upload arbitrary files to the SMS host.

Affected (1 range)

Vendor: keysight
Product: sensor_management_server
Version range / fixed in: not listed

Detection & IOCs (extracted from sources)

Process: KeysightSMS.exe
Path: licenses/

  • Monitor HTTP POST requests to /server/service/licensingServiceHttpInvoker for path traversal sequences (e.g., '../' or forward slashes) in the license file name parameter, which bypass the Windows file separator check.
  • Detect execution of ping.exe from the SMS installation directory (a non-System32 path) as a child process of KeysightSMS.exe, which indicates that the attacker-dropped payload is being executed instead of the legitimate Windows binary.
  • The path traversal bypass works specifically because the code checks only for the Windows file separator (backslash) via File.separator and does not validate forward slashes, making the protection dependent on the OS separator and bypassable on Windows hosts.
  • The vulnerability is exploitable with no authentication required; both the file upload and the RCE trigger endpoints are accessible to unauthenticated remote attackers.
  • The RCE via sensorPing() relies on the SMS process's current working directory being the installation directory, so the dropped payload (ping.exe) is resolved before C:\Windows\System32\ping.exe due to PATH/CWD precedence.
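The separator-dependent check described above, modelled in Python as an added example that is not the page's or Keysight's code: weak_check mimics a filter that rejects only the platform separator (so "../" passes on a Windows host), while hardened_check rejects both separators, dot names and anything that does not resolve to a direct child of the license directory on either path flavour. LICENSE_DIR, weak_check, hardened_check and compare are assumed names for illustration.

```python
from pathlib import PurePosixPath, PureWindowsPath

# Constructed example: the directory the service writes uploaded license files into.
LICENSE_DIR = "licenses"


def weak_check(name: str, separator: str = "\\") -> bool:
    """Model of a filter that rejects only the platform file separator.

    With separator="\\" (File.separator on a Windows host) a name such as
    "../../ping.exe" contains no backslash and is accepted.
    """
    return separator not in name


def hardened_check(name: str) -> bool:
    """Accept only a bare file name that lands directly inside LICENSE_DIR.

    Both separators are rejected regardless of host OS, as are empty, dot and
    NUL-containing names. The pathlib check is a second line of defence: on the
    Windows flavour a drive-relative name such as "C:ping.exe" would escape the
    directory even though it contains neither separator.
    """
    if not name or name in (".", "..") or "\x00" in name:
        return False
    if "/" in name or "\\" in name:
        return False
    for flavour in (PurePosixPath, PureWindowsPath):
        candidate = flavour(LICENSE_DIR, name)
        if candidate.parent != flavour(LICENSE_DIR) or candidate.name != name:
            return False
    return True


def compare(names):
    """Return {name: (weak_result, hardened_result)} for a list of names."""
    return {n: (weak_check(n), hardened_check(n)) for n in names}


if __name__ == "__main__":
    # Constructed sample names: one legitimate upload, the rest traversal attempts.
    samples = ["license.lic", "../../ping.exe", "..\\..\\ping.exe", "C:ping.exe"]
    for name, (weak, hard) in compare(samples).items():
        print(f"{name!r:22} weak={weak!s:5} hardened={hard}")
```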