DIVD-2022-00068 - Multiple vulnerabilities identified within White Rabbit Switch from CERN

Our reference DIVD-2022-00068
Case lead Victor Pasman
Researcher(s)
CVE(s)
Product White Rabbit Switch
Versions
  • All versions prior to 6.0.1
Recommendation Upgrade to the latest version of White Rabbit Switch.
Status Closed
Last modified 01 Jun 2023 09:16 CEST

Summary

Multiple vulnerabilities have been identified in White Rabbit Switch. Leveraging these vulnerabilities could allow an attacker to compromise the system.

What you can do

Upgrade your White Rabbit Switch to version 6.0.2.

What we are doing

DIVD is currently ensuring that the owners of vulnerable systems are being notified. We do this by scanning for vulnerable hosts, verifying the vulnerability and notifying the owners of these systems. If you receive an email from us regarding this case, the vulnerability has been confirmed.

Timeline

Date Description
16 Nov 2022 Two vulnerabilities (an RCE and an information disclosure vulnerability) are reported by Tom Wolters; DIVD starts the evaluation and reporting process.
16 Nov 2022 First contact between CERN and DIVD.
11 Apr 2023 CERN released White Rabbit Switch 6.0.2, which contains a fix for CVE-2023-22577 and CVE-2023-22581.
16 Nov 2022 - 09 Dec 2022 Time to acknowledge
09 Dec 2022 Vendor acknowledges receipt of vulnerabilities
11 Apr 2023 Limited disclosure of the White Rabbit Switch vulnerabilities
31 May 2023 Case closed.

More information