CVE-2023-23595

Published: Jan 15, 2023Modified: Apr 8, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

BlueCat Device Registration Portal 2.2 allows XXE attacks that exfiltrate single-line files. A single-line file might contain credentials, such as "machine example.com login daniel password qwerty" in the documentation example for the .netrc file format. NOTE: 2.x versions are no longer supported. There is no available information about whether any later version is affected.

Affected (1)

Products: Bluecatnetworks: Device Registration Portal

Bluecatnetworks

1 product

Device Registration Portal

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Bluecatnetworks Device Registration Portal	Version 2.2

Related CWEs

Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References (6)

https://bluecatnetworks.com/integrations/adaptive-application/device-registration-portal-drp/

Source: cve@mitre.org

ProductVendor Advisory

https://everything.curl.dev/usingcurl/netrc

Source: cve@mitre.org

Technical DescriptionThird Party Advisory

https://github.com/colemanjp/XXE-Vulnerability-in-Bluecat-Device-Registration-Portal-DRP

Source: cve@mitre.org

ExploitThird Party Advisory

https://bluecatnetworks.com/integrations/adaptive-application/device-registration-portal-drp/

Source: af854a3a-2127-422b-91ae-364da2661108

ProductVendor Advisory

https://everything.curl.dev/usingcurl/netrc

Source: af854a3a-2127-422b-91ae-364da2661108

Technical DescriptionThird Party Advisory

https://github.com/colemanjp/XXE-Vulnerability-in-Bluecat-Device-Registration-Portal-DRP

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.