CVE-2022-1660

CRITICAL

Keysight N6854a Firmware < 2.4.0 - Insecure Deserialization

Title source: rule

Description

The affected products are vulnerable of untrusted data due to deserialization without prior authorization/authentication, which may allow an attacker to remotely execute arbitrary code.

References (1)

[Third Party Advisory, US Government Resource] https://www.cisa.gov/uscert/ics/advisories/icsa-22-146-01

Scores

CVSS v3 9.8

EPSS 0.0103

EPSS Percentile 77.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-502

Status published

Affected Products (2)

keysight/n6854a_firmware < 2.4.0

keysight/n6841a_rf_firmware < 2.4.0

Timeline

Published Jun 02, 2022

Tracked Since Feb 18, 2026