Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for White Rabbit Switch by CERN

    CVE-2023-22581 (GCVE-0-2023-22581)

    Vulnerability from nvd – Published: 2023-04-24 08:14 – Updated: 2025-03-11 13:39
    VLAI
    Title
    White Rabbit Switch - Unauthenticated remote code execution
    Summary
    White Rabbit Switch contains a vulnerability which makes it possible for an attacker to perform system commands under the context of the web application (the default installation makes the webserver run as the root user).
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    URL Tags
    https://csirt.divd.nl/CVE-2023-22581/ third-party-advisory
    https://csirt.divd.nl/DIVD-2022-00068/ third-party-advisory
    Impacted products
    Vendor Product Version
    CERN White Rabbit Switch Affected: < v6.0.1 , ≤ v6.0.1 (v.x.y.z)
    Create a notification for this product.
    Date Public
    2023-04-12 19:00
    Credits
    Tom Wolters (Chapter8) Victor Pasman (DIVD) Max van der Host (DIVD) Frank Breedijk (DIVD)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:13:49.106Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://csirt.divd.nl/CVE-2023-22581/"
              },
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://csirt.divd.nl/DIVD-2022-00068/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-22581",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-04T19:21:34.846469Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-04T19:21:45.169Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "White Rabbit Switch",
              "vendor": "CERN",
              "versions": [
                {
                  "lessThanOrEqual": "v6.0.1",
                  "status": "affected",
                  "version": "\u003c v6.0.1",
                  "versionType": "v.x.y.z"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Tom Wolters (Chapter8)"
            },
            {
              "lang": "en",
              "type": "analyst",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Victor Pasman  (DIVD)"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "Max van der Host (DIVD)"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "Frank Breedijk (DIVD)"
            }
          ],
          "datePublic": "2023-04-12T19:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "White Rabbit Switch contains a vulnerability which makes it possible for an attacker to\u0026nbsp;to perform system commands under the context of the web application (the default\u0026nbsp;installation makes the webserver run as the root user)."
                }
              ],
              "value": "White Rabbit Switch contains a vulnerability which makes it possible for an attacker\u00a0to perform system commands under the context of the web application (the default\u00a0installation makes the webserver run as the root user)."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-1",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-11T13:39:11.794Z",
            "orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
            "shortName": "DIVD"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://csirt.divd.nl/CVE-2023-22581/"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://csirt.divd.nl/DIVD-2022-00068/"
            }
          ],
          "source": {
            "advisory": "DIVD-2023-00068",
            "discovery": "EXTERNAL"
          },
          "title": "White Rabbit Switch - Unauthenticated remote code execution",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Upgrade to version 6.0.2"
                }
              ],
              "value": "Upgrade to version 6.0.2"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
        "assignerShortName": "DIVD",
        "cveId": "CVE-2023-22581",
        "datePublished": "2023-04-24T08:14:53.037Z",
        "dateReserved": "2023-01-03T07:33:48.702Z",
        "dateUpdated": "2025-03-11T13:39:11.794Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-22577 (GCVE-0-2023-22577)

    Vulnerability from nvd – Published: 2023-04-24 08:14 – Updated: 2025-03-11 13:39
    VLAI
    Title
    White Rabbit Switch - Password Disclosure Vulnerability
    Summary
    Within White Rabbit Switch it's possible as an unauthenticated user to retrieve sensitive information such as password hashes and the SNMP community strings.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    References
    URL Tags
    https://csirt.divd.nl/CVE-2023-22577/ third-party-advisory
    https://csirt.divd.nl/DIVD-2022-00068/ third-party-advisory
    Impacted products
    Vendor Product Version
    CERN White Rabbit Switch Affected: < v6.0.1 , ≤ v6.0.1 (vx.y.z)
    Create a notification for this product.
    Date Public
    2023-04-12 19:00
    Credits
    Tom Wolters (Chapter8) Victor Pasman (DIVD) Max van der Horst (DIVD) Frank Breedijk (DIVD)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:13:49.129Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://csirt.divd.nl/CVE-2023-22577/"
              },
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://csirt.divd.nl/DIVD-2022-00068/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-22577",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-04T19:18:41.318819Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-04T19:18:50.744Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "White Rabbit Switch",
              "vendor": "CERN",
              "versions": [
                {
                  "lessThanOrEqual": "v6.0.1",
                  "status": "affected",
                  "version": "\u003c v6.0.1",
                  "versionType": "vx.y.z"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Tom Wolters (Chapter8)"
            },
            {
              "lang": "en",
              "type": "analyst",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Victor Pasman (DIVD)"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "Max van der Horst (DIVD)"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "Frank Breedijk (DIVD)"
            }
          ],
          "datePublic": "2023-04-12T19:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Within White Rabbit Switch it\u0027s possible as an unauthenticated user to retrieve sensitive information such as password hashes and the SNMP community strings."
                }
              ],
              "value": "Within White Rabbit Switch it\u0027s possible as an unauthenticated user to retrieve sensitive information such as password hashes and the SNMP community strings."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-1",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-11T13:39:13.172Z",
            "orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
            "shortName": "DIVD"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://csirt.divd.nl/CVE-2023-22577/"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://csirt.divd.nl/DIVD-2022-00068/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "White Rabbit Switch - Password Disclosure Vulnerability",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Upgrade to version 6.0.2"
                }
              ],
              "value": "Upgrade to version 6.0.2"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
        "assignerShortName": "DIVD",
        "cveId": "CVE-2023-22577",
        "datePublished": "2023-04-24T08:14:53.265Z",
        "dateReserved": "2023-01-03T07:33:48.701Z",
        "dateUpdated": "2025-03-11T13:39:13.172Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-22577 (GCVE-0-2023-22577)

    Vulnerability from cvelistv5 – Published: 2023-04-24 08:14 – Updated: 2025-03-11 13:39
    VLAI
    Title
    White Rabbit Switch - Password Disclosure Vulnerability
    Summary
    Within White Rabbit Switch it's possible as an unauthenticated user to retrieve sensitive information such as password hashes and the SNMP community strings.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    References
    URL Tags
    https://csirt.divd.nl/CVE-2023-22577/ third-party-advisory
    https://csirt.divd.nl/DIVD-2022-00068/ third-party-advisory
    Impacted products
    Vendor Product Version
    CERN White Rabbit Switch Affected: < v6.0.1 , ≤ v6.0.1 (vx.y.z)
    Create a notification for this product.
    Date Public
    2023-04-12 19:00
    Credits
    Tom Wolters (Chapter8) Victor Pasman (DIVD) Max van der Horst (DIVD) Frank Breedijk (DIVD)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:13:49.129Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://csirt.divd.nl/CVE-2023-22577/"
              },
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://csirt.divd.nl/DIVD-2022-00068/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-22577",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-04T19:18:41.318819Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-04T19:18:50.744Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "White Rabbit Switch",
              "vendor": "CERN",
              "versions": [
                {
                  "lessThanOrEqual": "v6.0.1",
                  "status": "affected",
                  "version": "\u003c v6.0.1",
                  "versionType": "vx.y.z"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Tom Wolters (Chapter8)"
            },
            {
              "lang": "en",
              "type": "analyst",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Victor Pasman (DIVD)"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "Max van der Horst (DIVD)"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "Frank Breedijk (DIVD)"
            }
          ],
          "datePublic": "2023-04-12T19:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Within White Rabbit Switch it\u0027s possible as an unauthenticated user to retrieve sensitive information such as password hashes and the SNMP community strings."
                }
              ],
              "value": "Within White Rabbit Switch it\u0027s possible as an unauthenticated user to retrieve sensitive information such as password hashes and the SNMP community strings."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-1",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-11T13:39:13.172Z",
            "orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
            "shortName": "DIVD"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://csirt.divd.nl/CVE-2023-22577/"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://csirt.divd.nl/DIVD-2022-00068/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "White Rabbit Switch - Password Disclosure Vulnerability",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Upgrade to version 6.0.2"
                }
              ],
              "value": "Upgrade to version 6.0.2"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
        "assignerShortName": "DIVD",
        "cveId": "CVE-2023-22577",
        "datePublished": "2023-04-24T08:14:53.265Z",
        "dateReserved": "2023-01-03T07:33:48.701Z",
        "dateUpdated": "2025-03-11T13:39:13.172Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-22581 (GCVE-0-2023-22581)

    Vulnerability from cvelistv5 – Published: 2023-04-24 08:14 – Updated: 2025-03-11 13:39
    VLAI
    Title
    White Rabbit Switch - Unauthenticated remote code execution
    Summary
    White Rabbit Switch contains a vulnerability which makes it possible for an attacker to perform system commands under the context of the web application (the default installation makes the webserver run as the root user).
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    URL Tags
    https://csirt.divd.nl/CVE-2023-22581/ third-party-advisory
    https://csirt.divd.nl/DIVD-2022-00068/ third-party-advisory
    Impacted products
    Vendor Product Version
    CERN White Rabbit Switch Affected: < v6.0.1 , ≤ v6.0.1 (v.x.y.z)
    Create a notification for this product.
    Date Public
    2023-04-12 19:00
    Credits
    Tom Wolters (Chapter8) Victor Pasman (DIVD) Max van der Host (DIVD) Frank Breedijk (DIVD)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:13:49.106Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://csirt.divd.nl/CVE-2023-22581/"
              },
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://csirt.divd.nl/DIVD-2022-00068/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-22581",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-04T19:21:34.846469Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-04T19:21:45.169Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "White Rabbit Switch",
              "vendor": "CERN",
              "versions": [
                {
                  "lessThanOrEqual": "v6.0.1",
                  "status": "affected",
                  "version": "\u003c v6.0.1",
                  "versionType": "v.x.y.z"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Tom Wolters (Chapter8)"
            },
            {
              "lang": "en",
              "type": "analyst",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Victor Pasman  (DIVD)"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "Max van der Host (DIVD)"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "Frank Breedijk (DIVD)"
            }
          ],
          "datePublic": "2023-04-12T19:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "White Rabbit Switch contains a vulnerability which makes it possible for an attacker to\u0026nbsp;to perform system commands under the context of the web application (the default\u0026nbsp;installation makes the webserver run as the root user)."
                }
              ],
              "value": "White Rabbit Switch contains a vulnerability which makes it possible for an attacker\u00a0to perform system commands under the context of the web application (the default\u00a0installation makes the webserver run as the root user)."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-1",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-11T13:39:11.794Z",
            "orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
            "shortName": "DIVD"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://csirt.divd.nl/CVE-2023-22581/"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://csirt.divd.nl/DIVD-2022-00068/"
            }
          ],
          "source": {
            "advisory": "DIVD-2023-00068",
            "discovery": "EXTERNAL"
          },
          "title": "White Rabbit Switch - Unauthenticated remote code execution",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Upgrade to version 6.0.2"
                }
              ],
              "value": "Upgrade to version 6.0.2"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
        "assignerShortName": "DIVD",
        "cveId": "CVE-2023-22581",
        "datePublished": "2023-04-24T08:14:53.037Z",
        "dateReserved": "2023-01-03T07:33:48.702Z",
        "dateUpdated": "2025-03-11T13:39:11.794Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }