Search criteria
6 vulnerabilities found for white_rabbit_switch_firmware by home.cern
FKIE_CVE-2023-22577
Vulnerability from fkie_nvd - Published: 2023-04-24 09:15 - Updated: 2024-11-21 07:44
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Within White Rabbit Switch it's possible as an unauthenticated user to retrieve sensitive information such as password hashes and the SNMP community strings.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| home.cern | white_rabbit_switch_firmware | * | |
| home.cern | white_rabbit_switch | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:home.cern:white_rabbit_switch_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0AE4488F-EF2E-4A9E-AC6F-E325BC54FB55",
"versionEndIncluding": "6.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:home.cern:white_rabbit_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B0A0ECDF-E65D-46C8-830F-CFC5AA4832F7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Within White Rabbit Switch it\u0027s possible as an unauthenticated user to retrieve sensitive information such as password hashes and the SNMP community strings."
}
],
"id": "CVE-2023-22577",
"lastModified": "2024-11-21T07:44:59.970",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "csirt@divd.nl",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-04-24T09:15:09.410",
"references": [
{
"source": "csirt@divd.nl",
"tags": [
"Broken Link"
],
"url": "https://csirt.divd.nl/CVE-2023-22577/"
},
{
"source": "csirt@divd.nl",
"tags": [
"Broken Link"
],
"url": "https://csirt.divd.nl/DIVD-2022-00068/"
},
{
"source": "nvd@nist.gov",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/advisories/GHSA-gv4x-jjcj-p736"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://csirt.divd.nl/CVE-2023-22577/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://csirt.divd.nl/DIVD-2022-00068/"
}
],
"sourceIdentifier": "csirt@divd.nl",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "csirt@divd.nl",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-22581
Vulnerability from fkie_nvd - Published: 2023-04-24 09:15 - Updated: 2024-11-21 07:45
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
White Rabbit Switch contains a vulnerability which makes it possible for an attacker to perform system commands under the context of the web application (the default installation makes the webserver run as the root user).
References
| URL | Tags | ||
|---|---|---|---|
| csirt@divd.nl | https://csirt.divd.nl/CVE-2023-22581/ | Broken Link | |
| csirt@divd.nl | https://csirt.divd.nl/DIVD-2022-00068/ | Broken Link | |
| nvd@nist.gov | https://vuldb.com/?id.227269 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://csirt.divd.nl/CVE-2023-22581/ | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://csirt.divd.nl/DIVD-2022-00068/ | Broken Link |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| home.cern | white_rabbit_switch_firmware | * | |
| home.cern | white_rabbit_switch | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:home.cern:white_rabbit_switch_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0AE4488F-EF2E-4A9E-AC6F-E325BC54FB55",
"versionEndIncluding": "6.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:home.cern:white_rabbit_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B0A0ECDF-E65D-46C8-830F-CFC5AA4832F7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "White Rabbit Switch contains a vulnerability which makes it possible for an attacker\u00a0to perform system commands under the context of the web application (the default\u00a0installation makes the webserver run as the root user)."
}
],
"id": "CVE-2023-22581",
"lastModified": "2024-11-21T07:45:00.523",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "csirt@divd.nl",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-04-24T09:15:09.663",
"references": [
{
"source": "csirt@divd.nl",
"tags": [
"Broken Link"
],
"url": "https://csirt.divd.nl/CVE-2023-22581/"
},
{
"source": "csirt@divd.nl",
"tags": [
"Broken Link"
],
"url": "https://csirt.divd.nl/DIVD-2022-00068/"
},
{
"source": "nvd@nist.gov",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?id.227269"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://csirt.divd.nl/CVE-2023-22581/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://csirt.divd.nl/DIVD-2022-00068/"
}
],
"sourceIdentifier": "csirt@divd.nl",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "csirt@divd.nl",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-22581 (GCVE-0-2023-22581)
Vulnerability from cvelistv5 – Published: 2023-04-24 08:14 – Updated: 2025-03-11 13:39
VLAI?
Title
White Rabbit Switch - Unauthenticated remote code execution
Summary
White Rabbit Switch contains a vulnerability which makes it possible for an attacker to perform system commands under the context of the web application (the default installation makes the webserver run as the root user).
Severity ?
9.8 (Critical)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CERN | White Rabbit Switch |
Affected:
< v6.0.1 , ≤ v6.0.1
(v.x.y.z)
|
Credits
Tom Wolters (Chapter8)
Victor Pasman (DIVD)
Max van der Host (DIVD)
Frank Breedijk (DIVD)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:13:49.106Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://csirt.divd.nl/CVE-2023-22581/"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://csirt.divd.nl/DIVD-2022-00068/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22581",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T19:21:34.846469Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T19:21:45.169Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "White Rabbit Switch",
"vendor": "CERN",
"versions": [
{
"lessThanOrEqual": "v6.0.1",
"status": "affected",
"version": "\u003c v6.0.1",
"versionType": "v.x.y.z"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Tom Wolters (Chapter8)"
},
{
"lang": "en",
"type": "analyst",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Victor Pasman (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Max van der Host (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Frank Breedijk (DIVD)"
}
],
"datePublic": "2023-04-12T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "White Rabbit Switch contains a vulnerability which makes it possible for an attacker to\u0026nbsp;to perform system commands under the context of the web application (the default\u0026nbsp;installation makes the webserver run as the root user)."
}
],
"value": "White Rabbit Switch contains a vulnerability which makes it possible for an attacker\u00a0to perform system commands under the context of the web application (the default\u00a0installation makes the webserver run as the root user)."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T13:39:11.794Z",
"orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"shortName": "DIVD"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://csirt.divd.nl/CVE-2023-22581/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://csirt.divd.nl/DIVD-2022-00068/"
}
],
"source": {
"advisory": "DIVD-2023-00068",
"discovery": "EXTERNAL"
},
"title": "White Rabbit Switch - Unauthenticated remote code execution",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to version 6.0.2"
}
],
"value": "Upgrade to version 6.0.2"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"assignerShortName": "DIVD",
"cveId": "CVE-2023-22581",
"datePublished": "2023-04-24T08:14:53.037Z",
"dateReserved": "2023-01-03T07:33:48.702Z",
"dateUpdated": "2025-03-11T13:39:11.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22577 (GCVE-0-2023-22577)
Vulnerability from cvelistv5 – Published: 2023-04-24 08:14 – Updated: 2025-03-11 13:39
VLAI?
Title
White Rabbit Switch - Password Disclosure Vulnerability
Summary
Within White Rabbit Switch it's possible as an unauthenticated user to retrieve sensitive information such as password hashes and the SNMP community strings.
Severity ?
9.8 (Critical)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CERN | White Rabbit Switch |
Affected:
< v6.0.1 , ≤ v6.0.1
(vx.y.z)
|
Credits
Tom Wolters (Chapter8)
Victor Pasman (DIVD)
Max van der Horst (DIVD)
Frank Breedijk (DIVD)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:13:49.129Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://csirt.divd.nl/CVE-2023-22577/"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://csirt.divd.nl/DIVD-2022-00068/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22577",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T19:18:41.318819Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T19:18:50.744Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "White Rabbit Switch",
"vendor": "CERN",
"versions": [
{
"lessThanOrEqual": "v6.0.1",
"status": "affected",
"version": "\u003c v6.0.1",
"versionType": "vx.y.z"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Tom Wolters (Chapter8)"
},
{
"lang": "en",
"type": "analyst",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Victor Pasman (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Max van der Horst (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Frank Breedijk (DIVD)"
}
],
"datePublic": "2023-04-12T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Within White Rabbit Switch it\u0027s possible as an unauthenticated user to retrieve sensitive information such as password hashes and the SNMP community strings."
}
],
"value": "Within White Rabbit Switch it\u0027s possible as an unauthenticated user to retrieve sensitive information such as password hashes and the SNMP community strings."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T13:39:13.172Z",
"orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"shortName": "DIVD"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://csirt.divd.nl/CVE-2023-22577/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://csirt.divd.nl/DIVD-2022-00068/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "White Rabbit Switch - Password Disclosure Vulnerability",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to version 6.0.2"
}
],
"value": "Upgrade to version 6.0.2"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"assignerShortName": "DIVD",
"cveId": "CVE-2023-22577",
"datePublished": "2023-04-24T08:14:53.265Z",
"dateReserved": "2023-01-03T07:33:48.701Z",
"dateUpdated": "2025-03-11T13:39:13.172Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22581 (GCVE-0-2023-22581)
Vulnerability from nvd – Published: 2023-04-24 08:14 – Updated: 2025-03-11 13:39
VLAI?
Title
White Rabbit Switch - Unauthenticated remote code execution
Summary
White Rabbit Switch contains a vulnerability which makes it possible for an attacker to perform system commands under the context of the web application (the default installation makes the webserver run as the root user).
Severity ?
9.8 (Critical)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CERN | White Rabbit Switch |
Affected:
< v6.0.1 , ≤ v6.0.1
(v.x.y.z)
|
Credits
Tom Wolters (Chapter8)
Victor Pasman (DIVD)
Max van der Host (DIVD)
Frank Breedijk (DIVD)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:13:49.106Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://csirt.divd.nl/CVE-2023-22581/"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://csirt.divd.nl/DIVD-2022-00068/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22581",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T19:21:34.846469Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T19:21:45.169Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "White Rabbit Switch",
"vendor": "CERN",
"versions": [
{
"lessThanOrEqual": "v6.0.1",
"status": "affected",
"version": "\u003c v6.0.1",
"versionType": "v.x.y.z"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Tom Wolters (Chapter8)"
},
{
"lang": "en",
"type": "analyst",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Victor Pasman (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Max van der Host (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Frank Breedijk (DIVD)"
}
],
"datePublic": "2023-04-12T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "White Rabbit Switch contains a vulnerability which makes it possible for an attacker to\u0026nbsp;to perform system commands under the context of the web application (the default\u0026nbsp;installation makes the webserver run as the root user)."
}
],
"value": "White Rabbit Switch contains a vulnerability which makes it possible for an attacker\u00a0to perform system commands under the context of the web application (the default\u00a0installation makes the webserver run as the root user)."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T13:39:11.794Z",
"orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"shortName": "DIVD"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://csirt.divd.nl/CVE-2023-22581/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://csirt.divd.nl/DIVD-2022-00068/"
}
],
"source": {
"advisory": "DIVD-2023-00068",
"discovery": "EXTERNAL"
},
"title": "White Rabbit Switch - Unauthenticated remote code execution",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to version 6.0.2"
}
],
"value": "Upgrade to version 6.0.2"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"assignerShortName": "DIVD",
"cveId": "CVE-2023-22581",
"datePublished": "2023-04-24T08:14:53.037Z",
"dateReserved": "2023-01-03T07:33:48.702Z",
"dateUpdated": "2025-03-11T13:39:11.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22577 (GCVE-0-2023-22577)
Vulnerability from nvd – Published: 2023-04-24 08:14 – Updated: 2025-03-11 13:39
VLAI?
Title
White Rabbit Switch - Password Disclosure Vulnerability
Summary
Within White Rabbit Switch it's possible as an unauthenticated user to retrieve sensitive information such as password hashes and the SNMP community strings.
Severity ?
9.8 (Critical)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CERN | White Rabbit Switch |
Affected:
< v6.0.1 , ≤ v6.0.1
(vx.y.z)
|
Credits
Tom Wolters (Chapter8)
Victor Pasman (DIVD)
Max van der Horst (DIVD)
Frank Breedijk (DIVD)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:13:49.129Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://csirt.divd.nl/CVE-2023-22577/"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://csirt.divd.nl/DIVD-2022-00068/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22577",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T19:18:41.318819Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T19:18:50.744Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "White Rabbit Switch",
"vendor": "CERN",
"versions": [
{
"lessThanOrEqual": "v6.0.1",
"status": "affected",
"version": "\u003c v6.0.1",
"versionType": "vx.y.z"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Tom Wolters (Chapter8)"
},
{
"lang": "en",
"type": "analyst",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Victor Pasman (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Max van der Horst (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Frank Breedijk (DIVD)"
}
],
"datePublic": "2023-04-12T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Within White Rabbit Switch it\u0027s possible as an unauthenticated user to retrieve sensitive information such as password hashes and the SNMP community strings."
}
],
"value": "Within White Rabbit Switch it\u0027s possible as an unauthenticated user to retrieve sensitive information such as password hashes and the SNMP community strings."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T13:39:13.172Z",
"orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"shortName": "DIVD"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://csirt.divd.nl/CVE-2023-22577/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://csirt.divd.nl/DIVD-2022-00068/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "White Rabbit Switch - Password Disclosure Vulnerability",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to version 6.0.2"
}
],
"value": "Upgrade to version 6.0.2"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"assignerShortName": "DIVD",
"cveId": "CVE-2023-22577",
"datePublished": "2023-04-24T08:14:53.265Z",
"dateReserved": "2023-01-03T07:33:48.701Z",
"dateUpdated": "2025-03-11T13:39:13.172Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}