CVE-2022-38129
Published 2022-08-10
Priority P277 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 18.38% (96.9th percentile)
A path traversal vulnerability exists in the com.keysight.tentacle.licensing.LicenseManager.addLicenseFile() method in the Keysight Sensor Management Server (SMS). This allows an unauthenticated remote attacker to upload arbitrary files to the SMS host.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| keysight | sensor_management_server | — | — |
Detection & IOCs (extracted from sources)
- Monitor HTTP POST requests to /server/service/licensingServiceHttpInvoker for path traversal sequences (e.g., '../' or forward slashes) in the license file name parameter, which bypass the Windows file separator check.
- Detect execution of ping.exe from the SMS installation directory (non-System32 path) as a child process of KeysightSMS.exe, which indicates the attacker-dropped payload is being executed instead of the legitimate Windows binary.
- The path traversal bypass works specifically because the code checks only for the Windows file separator (backslash) via File.separator, but does not validate forward slashes, making the protection OS-separator-dependent and bypassable on Windows hosts.
- The vulnerability is exploitable with no authentication required; both the file upload and the RCE trigger endpoints are accessible to unauthenticated remote attackers.
- The RCE via sensorPing() relies on the SMS process current working directory being the installation directory, so the dropped payload (ping.exe) is resolved before C:\Windows\System32\ping.exe due to PATH/CWD precedence.
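The two detection points above, sketched as an added example (not code from the advisory or from Keysight). It assumes process-creation events carrying Sysmon-style `Image` and `ParentImage` fields and a license file name already extracted from the request; the install path `C:\Program Files\ExampleSMS` and the sample events are constructed placeholders.

```python
import ntpath

# Assumption: the SysWOW64 copy of ping.exe is also treated as legitimate.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}


def _norm(path):
    """Collapse '..' and '/', then lowercase, using Windows path rules on any OS."""
    return ntpath.normcase(ntpath.normpath(path))


def is_suspicious_ping(event):
    """True when KeysightSMS.exe spawns a ping.exe that is not the system copy."""
    image, parent = _norm(event["Image"]), _norm(event["ParentImage"])
    if ntpath.basename(parent) != "keysightsms.exe":
        return False
    if ntpath.basename(image) != "ping.exe":
        return False
    return ntpath.dirname(image) not in SYSTEM_DIRS


def is_bare_filename(name):
    """True only for a plain file name. ntpath splits on both '/' and the
    backslash, so the forward-slash bypass described above is rejected too."""
    return name not in ("", ".", "..") and ntpath.basename(name) == name


# Constructed sample events (hypothetical install path, not from the advisory).
SMS = r"C:\Program Files\ExampleSMS\KeysightSMS.exe"
EVENTS = [
    {"Image": r"C:\Windows\System32\PING.EXE", "ParentImage": SMS},
    {"Image": r"C:\Program Files\ExampleSMS\ping.exe", "ParentImage": SMS},
    {"Image": r"C:\Windows\System32\ping.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Windows\System32\..\Temp\ping.exe", "ParentImage": SMS},
]
SUSPICIOUS = [e["Image"] for e in EVENTS if is_suspicious_ping(e)]

if __name__ == "__main__":
    for image in SUSPICIOUS:
        print("ALERT non-system ping.exe under KeysightSMS.exe:", image)
    for name in ("sms.lic", "../ping.exe", "..\\ping.exe"):
        print(name, "->", "ok" if is_bare_filename(name) else "reject")
```

Normalising the image path before comparing directories keeps a `..` segment from making a non-system binary look like it lives under System32.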
No detection rules found.
No public exploits indexed.