CVE-2023-22581

White Rabbit Switch contains a vulnerability which makes it possible for an attacker to perform system commands under the context of the web application (the default installation makes the webserver run as the root user).

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://csirt.divd.nl/CVE-2023-22581/	Broken Link
https://csirt.divd.nl/DIVD-2022-00068/	Broken Link
https://vuldb.com/?id.227269	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:home.cern:white_rabbit_switch_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:home.cern:white_rabbit_switch:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-04-24 09:15

Updated : 2024-02-28 20:13

NVD link : CVE-2023-22581

Mitre link : CVE-2023-22581

CVE.ORG link : CVE-2023-22581

JSON object : View

Products Affected

home.cern

white_rabbit_switch
white_rabbit_switch_firmware

CWE

NVD-CWE-noinfo CWE-20

Improper Input Validation

{"id": "CVE-2023-22581", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "csirt@divd.nl", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-04-24T09:15:09.663", "references": [{"url": "https://csirt.divd.nl/CVE-2023-22581/", "tags": ["Broken Link"], "source": "csirt@divd.nl"}, {"url": "https://csirt.divd.nl/DIVD-2022-00068/", "tags": ["Broken Link"], "source": "csirt@divd.nl"}, {"url": "https://vuldb.com/?id.227269", "tags": ["Third Party Advisory"], "source": "nvd@nist.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "csirt@divd.nl", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "White Rabbit Switch contains a vulnerability which makes it possible for an attacker\u00a0to perform system commands under the context of the web application (the default\u00a0installation makes the webserver run as the root user)."}], "lastModified": "2023-05-02T19:16:34.527", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:home.cern:white_rabbit_switch_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0AE4488F-EF2E-4A9E-AC6F-E325BC54FB55", "versionEndIncluding": "6.0.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:home.cern:white_rabbit_switch:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B0A0ECDF-E65D-46C8-830F-CFC5AA4832F7"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "csirt@divd.nl"}