CVE-2022-38130

CRITICAL EXPLOITED NUCLEI

com.keysight.tentacle.config.ResourceManager - Path Traversal

Title source: llm

Description

The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip() method is used to restore the HSQLDB database used in SMS. It takes the path of the zipped database file as the single parameter. An unauthenticated, remote attacker can specify an UNC path for the database file (i.e., \\<attacker-host>\sms\<attacker-db.zip>), effectively controlling the content of the database to be restored.

Nuclei Templates (1)

KeySight RF - smsRestoreDatabaseZip UNC path to Remote Code Execution

CRITICALVERIFIEDby daffainfo,jjcho

References (1)

[Third Party Advisory] https://www.tenable.com/security/research/tra-2022-28

Scores

CVSS v3 9.8

EPSS 0.6247

EPSS Percentile 98.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2023-11-18

CWE

CWE-89

Status published

Products (1)

keysight/sensor_management_server 2.4.0

Published Aug 10, 2022

Tracked Since Feb 18, 2026