Lucene search

[email protected]NVD:CVE-2023-23595

HistoryJan 15, 2023 - 7:15 a.m.

CVE-2023-23595

2023-01-1507:15:08

CWE-611

[email protected]

web.nvd.nist.gov

bluecat device registration

xxe attacks

single-line files

.netrc file format

unsupported versions

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

46.5%

JSON

BlueCat Device Registration Portal 2.2 allows XXE attacks that exfiltrate single-line files. A single-line file might contain credentials, such as “machine example.com login daniel password qwerty” in the documentation example for the .netrc file format. NOTE: 2.x versions are no longer supported. There is no available information about whether any later version is affected.

Affected configurations

NVD

Node

bluecatnetworksdevice_registration_portalMatch2.2

References

bluecatnetworks.com/integrations/adaptive-application/device-registration-portal-drp/

everything.curl.dev/usingcurl/netrc

github.com/colemanjp/XXE-Vulnerability-in-Bluecat-Device-Registration-Portal-DRP

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

46.5%

JSON

Related for NVD:CVE-2023-23595

cvelist1 cve1 prion1