DIVD-2022-00068 - Multiple vulnerabilities identified within White Rabbit Switch from CERN
|Case lead||Victor Pasman|
|Product||White Rabbit Switch|
|Recommendation||Upgrade to the latest version of White Rabbit Switch.|
|Last modified||01 Jun 2023 09:16|
Multiple vulnerabilities have been identified in White Rabbit Switch. Leveraging these vulnerabilities could allow an attacker to compromise the system.
What you can do
Upgrade your White Rabbit Switch version 6.0.2.
What we are doing
DIVD is currently ensuring that the owners of vulnerable systems are being notified. We do this by scanning for vulnerable hosts, verifying the vulnerability and notifying the owners of these systems. If you receive an email from us regarding this case, the vulnerability has been confirmed.
|16 Nov 2022||Two vulnerabilities (RCE and information diclosure vulnerability) are reported by Tom Wolters, DIVD starts evaluation and reporting process.|
|16 Nov 2022||First contact between CERN and DIVD.|
|11 Apr 2023||CERN released White Rabbit Switch 6.0.2, which contains a fix for CVE-2023-22577 and CVE-2023-22581.|
16 Nov 2022-
09 Dec 2022
|Time to acknowledge|
|09 Dec 2022||Vendor acknowledges receipt of vulnerabilities|
|11 Apr 2023||Limited disclosure of the White Rabbit Switch vulnerabilities|
|31 May 2023||Case closed.|