Arbitrary DLL Loading Vulnerability in Keysight Geolocation Server v2.4.2 and Prior

Arbitrary DLL Loading Vulnerability in Keysight Geolocation Server v2.4.2 and Prior

CVE-2023-36853 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

​In Keysight Geolocation Server v2.4.2 and prior, a low privileged attacker could create a local ZIP file containing a malicious script in any location. The attacker could abuse this to load a DLL with SYSTEM privileges.

Learn more about our Cis Benchmark Audit For Server Software.