CVE-2020-10546 Scanner
Detects the SQL injection (SQLi) vulnerability in rConfig that affects version 3.9.4 and earlier.
Short Info
Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 30 seconds
Time Interval: 4 weeks
Scan only one: URL
Toolbox: -
rConfig is a free, open-source network device configuration management software which provides network engineers with the ability to securely manage network devices and configuration backups. With rConfig, network administrators can monitor and track network device configurations, automate backups, and schedule configuration changes in small to medium-sized networks. This tool is specifically designed to make the management of network devices simpler and more efficient.
CVE-2020-10546 is a SQL injection vulnerability in rConfig 3.9.4 and earlier that lets unauthenticated attackers execute arbitrary SQL commands through the compliancepolicies.inc.php file. Because the passwords for nodes are stored in plain text by default, an attacker who successfully exploits this vulnerability can gain unauthorized access to the monitored network devices, compromise their security, and perform lateral movement.
Because of this vulnerability, attackers can gain access to sensitive information and potentially take control of the network infrastructure if the exploited network device is a core device. This can cause significant damage to organizations, including financial losses, intellectual property theft, and damage to reputation, to name a few.
In conclusion, the security of digital assets cannot be taken for granted, and it's essential to stay updated about potential vulnerabilities in network devices. At s4e.io, we provide pro features that allow users to quickly and easily learn about the vulnerabilities in the digital assets they are monitoring. These features help our customers keep their network devices safe from potential vulnerabilities, protecting their network infrastructure and ensuring that they continue to run smoothly and securely.