Search criteria
4 vulnerabilities found for White Rabbit Switch by CERN
CVE-2023-22577 (GCVE-0-2023-22577)
Vulnerability from cvelistv5 – Published: 2023-04-24 08:14 – Updated: 2025-03-11 13:39
VLAI?
Summary
Within White Rabbit Switch it's possible as an unauthenticated user to retrieve sensitive information such as password hashes and the SNMP community strings.
Severity ?
9.8 (Critical)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CERN | White Rabbit Switch |
Affected:
< v6.0.1 , ≤ v6.0.1
(vx.y.z)
|
Credits
Tom Wolters (Chapter8)
Victor Pasman (DIVD)
Max van der Horst (DIVD)
Frank Breedijk (DIVD)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:13:49.129Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://csirt.divd.nl/CVE-2023-22577/"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://csirt.divd.nl/DIVD-2022-00068/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22577",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T19:18:41.318819Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T19:18:50.744Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "White Rabbit Switch",
"vendor": "CERN",
"versions": [
{
"lessThanOrEqual": "v6.0.1",
"status": "affected",
"version": "\u003c v6.0.1",
"versionType": "vx.y.z"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Tom Wolters (Chapter8)"
},
{
"lang": "en",
"type": "analyst",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Victor Pasman (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Max van der Horst (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Frank Breedijk (DIVD)"
}
],
"datePublic": "2023-04-12T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Within White Rabbit Switch it\u0027s possible as an unauthenticated user to retrieve sensitive information such as password hashes and the SNMP community strings."
}
],
"value": "Within White Rabbit Switch it\u0027s possible as an unauthenticated user to retrieve sensitive information such as password hashes and the SNMP community strings."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T13:39:13.172Z",
"orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"shortName": "DIVD"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://csirt.divd.nl/CVE-2023-22577/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://csirt.divd.nl/DIVD-2022-00068/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "White Rabbit Switch - Password Disclosure Vulnerability",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to version 6.0.2"
}
],
"value": "Upgrade to version 6.0.2"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"assignerShortName": "DIVD",
"cveId": "CVE-2023-22577",
"datePublished": "2023-04-24T08:14:53.265Z",
"dateReserved": "2023-01-03T07:33:48.701Z",
"dateUpdated": "2025-03-11T13:39:13.172Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22581 (GCVE-0-2023-22581)
Vulnerability from cvelistv5 – Published: 2023-04-24 08:14 – Updated: 2025-03-11 13:39
VLAI?
Summary
White Rabbit Switch contains a vulnerability which makes it possible for an attacker to perform system commands under the context of the web application (the default installation makes the webserver run as the root user).
Severity ?
9.8 (Critical)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CERN | White Rabbit Switch |
Affected:
< v6.0.1 , ≤ v6.0.1
(v.x.y.z)
|
Credits
Tom Wolters (Chapter8)
Victor Pasman (DIVD)
Max van der Host (DIVD)
Frank Breedijk (DIVD)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:13:49.106Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://csirt.divd.nl/CVE-2023-22581/"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://csirt.divd.nl/DIVD-2022-00068/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22581",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T19:21:34.846469Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T19:21:45.169Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "White Rabbit Switch",
"vendor": "CERN",
"versions": [
{
"lessThanOrEqual": "v6.0.1",
"status": "affected",
"version": "\u003c v6.0.1",
"versionType": "v.x.y.z"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Tom Wolters (Chapter8)"
},
{
"lang": "en",
"type": "analyst",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Victor Pasman (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Max van der Host (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Frank Breedijk (DIVD)"
}
],
"datePublic": "2023-04-12T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "White Rabbit Switch contains a vulnerability which makes it possible for an attacker to\u0026nbsp;to perform system commands under the context of the web application (the default\u0026nbsp;installation makes the webserver run as the root user)."
}
],
"value": "White Rabbit Switch contains a vulnerability which makes it possible for an attacker\u00a0to perform system commands under the context of the web application (the default\u00a0installation makes the webserver run as the root user)."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T13:39:11.794Z",
"orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"shortName": "DIVD"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://csirt.divd.nl/CVE-2023-22581/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://csirt.divd.nl/DIVD-2022-00068/"
}
],
"source": {
"advisory": "DIVD-2023-00068",
"discovery": "EXTERNAL"
},
"title": "White Rabbit Switch - Unauthenticated remote code execution",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to version 6.0.2"
}
],
"value": "Upgrade to version 6.0.2"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"assignerShortName": "DIVD",
"cveId": "CVE-2023-22581",
"datePublished": "2023-04-24T08:14:53.037Z",
"dateReserved": "2023-01-03T07:33:48.702Z",
"dateUpdated": "2025-03-11T13:39:11.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22577 (GCVE-0-2023-22577)
Vulnerability from nvd – Published: 2023-04-24 08:14 – Updated: 2025-03-11 13:39
VLAI?
Summary
Within White Rabbit Switch it's possible as an unauthenticated user to retrieve sensitive information such as password hashes and the SNMP community strings.
Severity ?
9.8 (Critical)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CERN | White Rabbit Switch |
Affected:
< v6.0.1 , ≤ v6.0.1
(vx.y.z)
|
Credits
Tom Wolters (Chapter8)
Victor Pasman (DIVD)
Max van der Horst (DIVD)
Frank Breedijk (DIVD)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:13:49.129Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://csirt.divd.nl/CVE-2023-22577/"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://csirt.divd.nl/DIVD-2022-00068/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22577",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T19:18:41.318819Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T19:18:50.744Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "White Rabbit Switch",
"vendor": "CERN",
"versions": [
{
"lessThanOrEqual": "v6.0.1",
"status": "affected",
"version": "\u003c v6.0.1",
"versionType": "vx.y.z"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Tom Wolters (Chapter8)"
},
{
"lang": "en",
"type": "analyst",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Victor Pasman (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Max van der Horst (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Frank Breedijk (DIVD)"
}
],
"datePublic": "2023-04-12T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Within White Rabbit Switch it\u0027s possible as an unauthenticated user to retrieve sensitive information such as password hashes and the SNMP community strings."
}
],
"value": "Within White Rabbit Switch it\u0027s possible as an unauthenticated user to retrieve sensitive information such as password hashes and the SNMP community strings."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T13:39:13.172Z",
"orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"shortName": "DIVD"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://csirt.divd.nl/CVE-2023-22577/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://csirt.divd.nl/DIVD-2022-00068/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "White Rabbit Switch - Password Disclosure Vulnerability",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to version 6.0.2"
}
],
"value": "Upgrade to version 6.0.2"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"assignerShortName": "DIVD",
"cveId": "CVE-2023-22577",
"datePublished": "2023-04-24T08:14:53.265Z",
"dateReserved": "2023-01-03T07:33:48.701Z",
"dateUpdated": "2025-03-11T13:39:13.172Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22581 (GCVE-0-2023-22581)
Vulnerability from nvd – Published: 2023-04-24 08:14 – Updated: 2025-03-11 13:39
VLAI?
Summary
White Rabbit Switch contains a vulnerability which makes it possible for an attacker to perform system commands under the context of the web application (the default installation makes the webserver run as the root user).
Severity ?
9.8 (Critical)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CERN | White Rabbit Switch |
Affected:
< v6.0.1 , ≤ v6.0.1
(v.x.y.z)
|
Credits
Tom Wolters (Chapter8)
Victor Pasman (DIVD)
Max van der Host (DIVD)
Frank Breedijk (DIVD)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:13:49.106Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://csirt.divd.nl/CVE-2023-22581/"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://csirt.divd.nl/DIVD-2022-00068/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22581",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T19:21:34.846469Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T19:21:45.169Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "White Rabbit Switch",
"vendor": "CERN",
"versions": [
{
"lessThanOrEqual": "v6.0.1",
"status": "affected",
"version": "\u003c v6.0.1",
"versionType": "v.x.y.z"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Tom Wolters (Chapter8)"
},
{
"lang": "en",
"type": "analyst",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Victor Pasman (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Max van der Host (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Frank Breedijk (DIVD)"
}
],
"datePublic": "2023-04-12T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "White Rabbit Switch contains a vulnerability which makes it possible for an attacker to\u0026nbsp;to perform system commands under the context of the web application (the default\u0026nbsp;installation makes the webserver run as the root user)."
}
],
"value": "White Rabbit Switch contains a vulnerability which makes it possible for an attacker\u00a0to perform system commands under the context of the web application (the default\u00a0installation makes the webserver run as the root user)."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T13:39:11.794Z",
"orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"shortName": "DIVD"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://csirt.divd.nl/CVE-2023-22581/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://csirt.divd.nl/DIVD-2022-00068/"
}
],
"source": {
"advisory": "DIVD-2023-00068",
"discovery": "EXTERNAL"
},
"title": "White Rabbit Switch - Unauthenticated remote code execution",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to version 6.0.2"
}
],
"value": "Upgrade to version 6.0.2"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"assignerShortName": "DIVD",
"cveId": "CVE-2023-22581",
"datePublished": "2023-04-24T08:14:53.037Z",
"dateReserved": "2023-01-03T07:33:48.702Z",
"dateUpdated": "2025-03-11T13:39:11.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}