CVE-2023-22581

White Rabbit Switch contains a vulnerability which makes it possible for an attacker to perform system commands under the context of the web application (the default installation makes the webserver run as the root user).

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://csirt.divd.nl/CVE-2023-22581/	Broken Link
https://csirt.divd.nl/DIVD-2022-00068/	Broken Link
https://vuldb.com/?id.227269	Third Party Advisory
https://csirt.divd.nl/CVE-2023-22581/	Broken Link
https://csirt.divd.nl/DIVD-2022-00068/	Broken Link

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:home.cern:white_rabbit_switch_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:home.cern:white_rabbit_switch:-:*:*:*:*:*:*:*

History

21 Nov 2024, 07:45

Type	Values Removed	Values Added
References	~~() https://csirt.divd.nl/CVE-2023-22581/ - Broken Link~~	() https://csirt.divd.nl/CVE-2023-22581/ - Broken Link
References	~~() https://csirt.divd.nl/DIVD-2022-00068/ - Broken Link~~	() https://csirt.divd.nl/DIVD-2022-00068/ - Broken Link

02 May 2023, 19:16

Type	Values Removed	Values Added
CPE		cpe:2.3:o:home.cern:white_rabbit_switch_firmware:::::::: cpe:2.3:h:home.cern:white_rabbit_switch:-:::::::*
References		(MISC) https://vuldb.com/?id.227269 - Third Party Advisory
References	~~(MISC) https://csirt.divd.nl/DIVD-2022-00068/ -~~	(MISC) https://csirt.divd.nl/DIVD-2022-00068/ - Broken Link
References	~~(MISC) https://csirt.divd.nl/CVE-2023-22581/ -~~	(MISC) https://csirt.divd.nl/CVE-2023-22581/ - Broken Link
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
CWE		NVD-CWE-noinfo

24 Apr 2023, 09:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-04-24 09:15

Updated : 2024-11-21 07:45

NVD link : CVE-2023-22581

Mitre link : CVE-2023-22581

CVE.ORG link : CVE-2023-22581

JSON object : View

Products Affected

home.cern

white_rabbit_switch
white_rabbit_switch_firmware

CWE

CWE-20

Improper Input Validation

NVD-CWE-noinfo

{"id": "CVE-2023-22581", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "csirt@divd.nl", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-04-24T09:15:09.663", "references": [{"url": "https://csirt.divd.nl/CVE-2023-22581/", "tags": ["Broken Link"], "source": "csirt@divd.nl"}, {"url": "https://csirt.divd.nl/DIVD-2022-00068/", "tags": ["Broken Link"], "source": "csirt@divd.nl"}, {"url": "https://vuldb.com/?id.227269", "tags": ["Third Party Advisory"], "source": "nvd@nist.gov"}, {"url": "https://csirt.divd.nl/CVE-2023-22581/", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://csirt.divd.nl/DIVD-2022-00068/", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "csirt@divd.nl", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "White Rabbit Switch contains a vulnerability which makes it possible for an attacker\u00a0to perform system commands under the context of the web application (the default\u00a0installation makes the webserver run as the root user)."}], "lastModified": "2024-11-21T07:45:00.523", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:home.cern:white_rabbit_switch_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0AE4488F-EF2E-4A9E-AC6F-E325BC54FB55", "versionEndIncluding": "6.0.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:home.cern:white_rabbit_switch:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B0A0ECDF-E65D-46C8-830F-CFC5AA4832F7"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "csirt@divd.nl"}