MidnightBSD

Advisories for home.cern

CVE-2023-22577

Within White Rabbit Switch it's possible as an unauthenticated user to retrieve sensitive information such as password hashes and the SNMP community strings.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
csirt@divd.nl 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
home.cern white_rabbit_switch_firmware *
CVE-2023-22581

White Rabbit Switch contains a vulnerability which makes it possible for an attackerĀ to perform system commands under the context of the web application (the defaultĀ installation makes the webserver run as the root user).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
csirt@divd.nl 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
home.cern white_rabbit_switch_firmware *