S4E

CVE-2020-10547 Scanner

Detects the SQL injection vulnerability CVE-2020-10547 in rConfig versions 3.9.4 and earlier.

Short Info


Level

Critical

Single Scan

Single Scan

Can be used by

Asset Owner

Estimated Time

30 seconds

Time Interval

4 weeks

Scan only one

URL

Toolbox

-

rConfig is an open-source network device configuration management tool that automates configuration backup and restoration. It collects configurations from network devices, stores them, and provides a web interface through which administrators manage devices and compare configuration versions. Because it holds credentials for every device it manages, it is a high-value target on any network where it is deployed.

CVE-2020-10547 is a SQL injection vulnerability in compliancepolicyelements.inc.php, the script that handles compliance policy elements. The script does not adequately validate user-supplied input before using it in a database query, so an attacker can inject arbitrary SQL statements and read or modify the entire rConfig database.
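The following is an added example, not code from rConfig or from S4E, of the weakness class behind this finding: a lookup that concatenates user input into the query text, shown beside the same lookup done with a bound parameter. The table name, column names, sample rows and the `findVulnerable`/`findSafe` function names are assumptions made for the illustration; it uses an in-memory SQLite database via PDO so it runs without a MySQL server.

```php
<?php
// Added illustrative example (not rConfig's own code): string-built SQL versus
// a prepared statement. Table, columns and rows below are constructed sample data.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE policy_elements (id INTEGER PRIMARY KEY, name TEXT, pattern TEXT)');
$db->exec("INSERT INTO policy_elements (name, pattern) VALUES
           ('ntp', 'ntp server .*'),
           ('snmp', 'snmp-server community .*')");

// Vulnerable pattern: the search term becomes part of the SQL text, so a
// quote in the input ends the string literal and the rest is parsed as SQL.
function findVulnerable(PDO $db, string $search): array {
    $sql = "SELECT id, name FROM policy_elements WHERE name = '" . $search . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened pattern: the search term is sent as a bound parameter and is
// compared as a plain value; it can never change the query's structure.
function findSafe(PDO $db, string $search): array {
    $stmt = $db->prepare('SELECT id, name FROM policy_elements WHERE name = :name');
    $stmt->execute([':name' => $search]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed test input: a tautology payload of the classic "' OR '1'='1" form.
$payload = "x' OR '1'='1";

// In the vulnerable lookup the WHERE clause becomes  name = 'x' OR '1'='1',
// which is true for every row; in the safe lookup no row has that literal name.
printf("vulnerable: %d rows\n", count(findVulnerable($db, $payload)));
printf("safe:       %d rows\n", count(findSafe($db, $payload)));
```

The same payload that dumps every row through the concatenated query matches nothing through the prepared statement, which is the fix for this class of bug: keep data out of the SQL text entirely rather than trying to filter quote characters from it.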

Exploiting this vulnerability puts every device managed by rConfig at risk, not just the rConfig host. Node passwords are stored in cleartext in the rConfig database, so an attacker who can read the database obtains working credentials for the monitored network devices and can move laterally to them.

Readers can quickly check their own digital assets for this and other vulnerabilities using the pro features of the s4e.io platform, which provides tools to identify, prioritize, and manage vulnerabilities across assets and offers actionable guidance for remediating them and reducing risk.
