CVE-2023-22577

White Rabbit Switch - Password Disclosure Vulnerability

CVE

CVE-2023-22577

Title

White Rabbit Switch - Password Disclosure Vulnerability

Credits

Tom Wolters (Chapter8) (finder)
Victor Pasman (DIVD) (analyst)

Affected products

Product	Affected	Unaffected	Unknown
CERN White Rabbit Switch	>= < v6.0.1 to < v6.0.1 (vx.y.z)
CERN White Rabbit Switch		everything else

CVSS

Base score: 9.8 (CRITICAL)

References

https://csirt.divd.nl/CVE-2023-22577/ ( third-party-advisory )
https://csirt.divd.nl/DIVD-2022-00068/ ( third-party-advisory )

Problem type(s)

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Impact(s)

CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs

Date published

12 Apr 2023 19:00 UTC

Last modified

Description

Within White Rabbit Switch it's possible as an unauthenticated user to retrieve sensitive information such as password hashes and the SNMP community strings.

Workaround(s)

Upgrade to version 6.0.2

JSON version.

DIVD CSIRT

CVE-2023-22577

White Rabbit Switch - Password Disclosure Vulnerability

Description

Workaround(s)