CVE-2023-23595

Published: 15/01/2023 Updated: 24/01/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

BlueCat Device Registration Portal 2.2 allows XXE attacks that exfiltrate single-line files. A single-line file might contain credentials, such as "machine example.com login daniel password qwerty" in the documentation example for the .netrc file format. NOTE: 2.x versions are no longer supported. There is no available information about whether any later version is affected.

Vulnerable Product

bluecatnetworks device registration portal 2.2

Github Repositories

XXE Vulnerability in Bluecat Device Registration Portal (DRP): CVE-2023-23595

Summary: Bluecat device registration portal / Bluecat DRP version 2 is vulnerable to information leakage via XML External Entity Injection / XXE. Tested on version 2.2. Version 2 is no longer supported by the vendor. I was only able to extract single line files - /etc/issuenet for example. This appears