CVE-2023-23595

CVSS V2 None CVSS V3 None
Description
BlueCat Device Registration Portal 2.2 allows XXE attacks that exfiltrate single-line files. A single-line file might contain credentials, such as "machine example.com login daniel password qwerty" in the documentation example for the .netrc file format. NOTE: 2.x versions are no longer supported. There is no available information about whether any later version is affected.
Overview
  • CVE ID
  • CVE-2023-23595
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-01-15T07:15:08
  • Last Modified Date
  • 2023-01-24T16:35:54
Weakness Enumerations
CWE URL
CWE-611 http://cwe.mitre.org/data/definitions/611.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:bluecatnetworks:device_registration_portal:2.2:*:*:*:*:*:*:* 1 OR
References
Reference URL Reference Tags
https://bluecatnetworks.com/integrations/adaptive-application/device-registration-portal-drp/
https://everything.curl.dev/usingcurl/netrc
https://github.com/colemanjp/XXE-Vulnerability-in-Bluecat-Device-Registration-Portal-DRP
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2023-23595
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23595
History
Created Old Value New Value Data Type Notes
2023-01-15 07:15:22 Added to TrackCVE
2023-01-15 21:14:24 2023-01-15T20:15:09 CVE Modified Date updated
2023-01-15 21:14:24 BlueCat Device Registration Portal 2.2 allows XXE attacks that exfiltrate single-line files. A single-line file might contain credentials, such as "machine example.com login daniel password qwerty" in the documentation example for the .netrc file format. NOTE; 2.x versions are no longer supported. There is no available information about whether any later version is affected. BlueCat Device Registration Portal 2.2 allows XXE attacks that exfiltrate single-line files. A single-line file might contain credentials, such as "machine example.com login daniel password qwerty" in the documentation example for the .netrc file format. NOTE: 2.x versions are no longer supported. There is no available information about whether any later version is affected. Description updated
2023-01-17 14:14:57 2023-01-17T13:24:51 CVE Modified Date updated
2023-01-17 14:14:57 Received Awaiting Analysis Vulnerability Status updated
2023-01-23 12:23:26 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2023-01-24 18:12:44 2023-01-24T16:35:54 CVE Modified Date updated
2023-01-24 18:12:44 Undergoing Analysis Analyzed Vulnerability Status updated
2023-01-24 18:12:44 Weakness Enumeration new
2023-01-24 18:12:46 CPE Information updated