HTTP: KeySight N6854A and N6841A RF Sensor smsRestoreDatabaseZip SQL Injection

This signature detects attempts to exploit a known vulnerability in the KeySight N6854A and N6841A RF Sensor. A successful attack can lead to command injection and arbitrary code execution.

Extended Description

The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip() method restores the HSQLDB database used by the Sensor Management Server (SMS). It takes the path of the zipped database file as its single parameter. An unauthenticated, remote attacker can supply a UNC path for the database file (e.g., \\\sms\), effectively controlling the content of the database to be restored.
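The following detection heuristic is an added example, not code from the signature page or from Keysight; it assumes (which the page does not state) that the method name and its path argument are visible in the decoded HTTP request text, and it flags the condition described above: the restore method invoked with a UNC path rather than a local file.

```python
import re
from typing import Optional
from urllib.parse import unquote_plus

# Assumption (not from the signature page): the method name and its path
# argument appear in the request text, possibly URL-encoded or with the
# backslashes escaped as in a JSON/Java string literal.
METHOD_NAME = "smsRestoreDatabaseZip"

# UNC path: two backslashes (four when JSON-escaped), a host name, then a
# backslash-separated share/path. A local path such as C:\dir\db.zip has no
# run of consecutive backslashes and therefore does not match.
UNC_PATH_RE = re.compile(r'\\{2,}[A-Za-z0-9._\-]+\\+[^\s"\'<>]*')


def normalize(raw: str) -> str:
    """Percent-decode twice so %5C%5C (or a double-encoded form) cannot hide a UNC prefix."""
    return unquote_plus(unquote_plus(raw))


def inspect_request(raw: str) -> Optional[dict]:
    """Return a finding when smsRestoreDatabaseZip is called with a UNC path.

    A restore from a local path is treated as benign; a UNC target means the
    sender controls the database contents being restored, which is the
    condition the signature describes.
    """
    text = normalize(raw)
    if METHOD_NAME not in text:
        return None
    unc = UNC_PATH_RE.search(text)
    if unc is None:
        return None
    return {"method": METHOD_NAME, "unc_path": unc.group(0)}


# Constructed sample requests (not captured traffic); host names are placeholders.
MALICIOUS_URLENC = (
    "POST /config HTTP/1.1\r\n\r\n"
    "method=smsRestoreDatabaseZip&path=%5C%5Cuntrusted-host%5Csms%5Cdb.zip"
)
MALICIOUS_JSON = (
    '{"method":"smsRestoreDatabaseZip",'
    '"path":"\\\\\\\\untrusted-host\\\\sms\\\\db.zip"}'
)
BENIGN_LOCAL = "method=smsRestoreDatabaseZip&path=C%3A%5Cbackups%5Csms.zip"
UNRELATED = "method=smsListSensors&path=%5C%5Cfileserver%5Cshare"

if __name__ == "__main__":
    for sample in (MALICIOUS_URLENC, MALICIOUS_JSON, BENIGN_LOCAL, UNRELATED):
        print(inspect_request(sample))
```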

Affected Products

Keysight sensor_management_server

Short Name
HTTP:SQL:INJ:KEYSIGHT-SMS-RSTR
Severity
Major
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2022-38130 Injection KeySight N6841A N6854A RF SQL Sensor and smsRestoreDatabaseZip
Release Date
10/27/2022
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3

Sigpack Version
3540
False Positive
Rarely
Vendors
Keysight