CVE-2023-22581 - White Rabbit Switch - Unauthenticated remote code execution

CVE: CVE-2023-22581
Case: DIVD-2022-00068
Discovered by:
  • Tom Wolters (Chapter8)
Affected products
Product Affected Unaffected Unknown
CERN White Rabbit Switch >= v.x.y.z < v6.0.1 to < v6.0.1
everything else
Page author: Victor Pasman
CVSS Base score: 9.8 (CRITICAL)
Problem type(s): CWE-20 Improper Input Validation
Impact(s): CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs
Last modified: 12 May 2023 11:55


White Rabbit Switch contains a vulnerability that allows an attacker to execute system commands in the context of the web application. In the default installation, the web server runs as the root user.