August 29, 2023

Overview

Keysight recently announced a critical security vulnerability in the Data Analytics Web Service Software (N8844A), which is discontinued.  This vulnerability has been assigned the identifier CVE-2023-1967. Further analysis showed that the vulnerability described was also present in other Keysight products. 

If exploited, this vulnerability could allow a sophisticated attacker to execute code remotely. Keysight is not currently aware of malicious exploitation of the vulnerability and will continue to monitor the situation.

Impacted Product Groups

The vulnerability was present in one or more products in the following groups :

  • 5G Test SW 
  • 89600 Vector Signal Analysis SW
  • Arbitrary Waveform Generators
  • Automotive Compliance Apps
  • AXIe Embedded Controllers
  • BenchVue
  • BERTs and Compliance Test SW
  • Boundary Scan Analyzers
  • Carrier Acceptance Test SW
  • Component Analysis SW
  • Device Current Waveform Analyzers
  • ENA Network Analyzers
  • EXM Wireless Test
  • GSM Test Apps
  • In-Circuit Parallel Testers
  • Infiniium Oscilloscopes
  • InfiniiVision USB and PXIe Oscilloscope SW
  • Logic Analyzers
  • Massively Parallel Board Test Systems
  • Multi Transceiver RF Test Sets
  • Multi-Band Vector Transceiver Solutions
  • Multiport ECal SW
  • MXE EMI Test Receivers
  • Noise Figure Analyzers
  • Open RAN Studio
  • Optical Modulation Analyzers
  • Oscilloscope Compliance Test SW
  • PathWave Lab Operations for Connectivity
  • PathWave Measurement SW
  • PathWave Test Automation Platform (TAP)
  • PNA Network Analyzers
  • Precision Source/Measure Units
  • Propsim Channel Emulators
  • PXIe Embedded Controllers
  • PXIe Network Analyzers
  • PXIe Signal Analyzers and Generators
  • Radar Target Simulators
  • Sampling Oscilloscope Compliance Test SW
  • Signal Generation SW
  • Signal Source Analyzers
  • USB Network Analyzers
  • UXM 5G Wireless Test
  • VXG Signal Generators
  • VXT PXIe Transceivers
  • WaveJudge Wireless Analyzer Apps
  • X-Series Signal Analyzers 

Recommended Action

Keysight has developed a mitigation for supported Keysight products that contain this vulnerability.1  We recommend that customers install the updated versions as soon as possible. Older versions of impacted software may have this vulnerability; we recommend that customers discontinue the use of these older versions and uninstall them.

To check whether your products are impacted, and to get the latest versions, use the Product Lookup Tool: 

For more information about this vulnerability, visit  CVE-2023-1967 Frequently Asked Questions or contact Keysight

  

Keysight used commercially reasonable efforts to compile the list of products affected by this vulnerability. Keysight offers this information for your convenience and does not warrant it is complete.

Want help or have questions?