Headline
CVE-2023-23595: Device Registration Portal (DRP) – BlueCat Networks
BlueCat Device Registration Portal 2.2 allows XXE attacks that exfiltrate single-line files. A single-line file might contain credentials, such as “machine example.com login daniel password qwerty” in the documentation example for the .netrc file format. NOTE; 2.x versions are no longer supported. There is no available information about whether any later version is affected.
What is it?
Device Registration Portal (DRP) is a standalone application that audits and tracks all devices trying to connect to the network. Administrators gain more control over which devices employees, contractors, or guests can use to connect to the internal network while eliminating heavy IT involvement in device registration.
The challenge
Given the rise in demand for BYOD and guest access, network administrators want more user access control of third-party devices. The growing number of devices makes it challenging to keep up with device registration and network security while providing user access across different systems. Without a way to centralize self-service registration, administrators face reduced IT productivity that impacts employees, contractors, and guests. They need a cost-effective solution that is tightly integrated to a single DDI platform.