DIVD-2022-00068 - Multiple vulnerabilities identified within White Rabbit Switch from CERN
| Our reference | DIVD-2022-00068 |
| Case lead | Victor Pasman |
| Researcher(s) |
|
| CVE(s) | |
| Product | White Rabbit Switch |
| Versions |
|
| Recommendation | Upgrade to the latest version of White Rabbit Switch. |
| Status | Closed |
| Last modified | 01 Jun 2023 09:16 |
Summary
Multiple vulnerabilities have been identified in White Rabbit Switch. Leveraging these vulnerabilities could allow an attacker to compromise the system.
What you can do
Upgrade your White Rabbit Switch version 6.0.2.
What we are doing
DIVD is currently ensuring that the owners of vulnerable systems are being notified. We do this by scanning for vulnerable hosts, verifying the vulnerability and notifying the owners of these systems. If you receive an email from us regarding this case, the vulnerability has been confirmed.
Timeline
| Date | Description |
|---|---|
| 16 Nov 2022 | Two vulnerabilities (RCE and information diclosure vulnerability) are reported by Tom Wolters, DIVD starts evaluation and reporting process. |
| 16 Nov 2022 | First contact between CERN and DIVD. |
| 11 Apr 2023 | CERN released White Rabbit Switch 6.0.2, which contains a fix for CVE-2023-22577 and CVE-2023-22581. |
|
16 Nov 2022- 09 Dec 2022 |
Time to acknowledge |
| 09 Dec 2022 | Vendor acknowledges receipt of vulnerabilities |
| 11 Apr 2023 | Limited disclosure of the White Rabbit Switch vulnerabilities |
| 31 May 2023 | Case closed. |
gantt
title DIVD-2022-00068 - Multiple vulnerabilities identified within White Rabbit Switch from CERN
dateFormat YYYY-MM-DD
axisFormat %e %b %Y
section Case
DIVD-2022-00068 - Multiple vulnerabilities identified within White Rabbit Switch from CERN (196 days) :2022-11-16, 2023-05-31
section Events
Two vulnerabilities (RCE and information diclosure vulnerability) are reported by Tom Wolters, DIVD starts evaluation and reporting process. : milestone, 2022-11-16, 0d
First contact between CERN and DIVD. : milestone, 2022-11-16, 0d
CERN released White Rabbit Switch 6.0.2, which contains a fix for CVE-2023-22577 and CVE-2023-22581. : milestone, 2023-04-11, 0d
Time to acknowledge (23 days) : 2022-11-16, 2022-12-09
Vendor acknowledges receipt of vulnerabilities : milestone, 2022-12-09, 0d
Limited disclosure of the White Rabbit Switch vulnerabilities : milestone, 2023-04-11, 0d
Case closed. : milestone, 2023-05-31, 0d