Detects the SQL injection vulnerability in rConfig, which affects version 3.9.4 and earlier.
CVE-2020-10547 Scanner Detail
rConfig is an open-source network device configuration management tool that helps automate the configuration backup and restoration process. The tool gathers device configurations from network devices, backs them up and provides a web interface for administrators to easily manage network devices and compare their configurations. It is widely used by network administrators to manage their network devices.
One of the main vulnerabilities in rConfig is CVE-2020-10547. It exists in compliancepolicyelements.inc.php, a file that is responsible for handling compliance policies. The vulnerability is caused by insufficient input validation and allows an attacker to execute arbitrary SQL commands, leading to complete compromise of the database.
The exploitation of this vulnerability poses a significant risk to the security of the network devices that are managed by rConfig. Attackers can use this vulnerability to easily spread across networks and gain unauthorized access to sensitive network resources. Moreover, the fact that nodes' passwords are stored in cleartext can further worsen the situation by granting attackers access to monitored network devices.
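For defenders triaging an exposed instance, the following added example (not part of the scanner or of rConfig) reviews web server access logs for requests to compliancepolicyelements.inc.php whose query parameters contain SQL syntax. It assumes common/combined log format; the `/app/` prefix, the `col` parameter name and the sample lines are constructed for illustration, and the marker list is a heuristic.

```python
import re
from urllib.parse import urlsplit, parse_qsl

TARGET = "compliancepolicyelements.inc.php"  # file named on this page

# Common/combined log format: client IP, then the quoted request line.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*"')

# Heuristic markers of SQL syntax in a parameter value (assumption: tune per site).
SQLI_RE = re.compile(
    r"""['"`;]|--|/\*|\b(union|select|sleep|benchmark|information_schema)\b""",
    re.IGNORECASE,
)

def suspicious_requests(lines):
    """Return (client_ip, parameter, decoded_value) for flagged requests."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we understand
        ip, target = m.groups()
        url = urlsplit(target)
        # Match on the file name only; the install path varies per deployment.
        if not url.path.lower().endswith("/" + TARGET):
            continue
        # parse_qsl percent-decodes names and values, so encoded payloads are seen.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if SQLI_RE.search(value):
                hits.append((ip, name, value))
    return hits

# Constructed sample lines (not real traffic).
SAMPLE = [
    '198.51.100.7 - - [01/Mar/2020:10:00:00 +0000] "GET /app/compliancepolicyelements.inc.php?col=name HTTP/1.1" 200 512',
    '198.51.100.9 - - [01/Mar/2020:10:00:05 +0000] "GET /app/compliancepolicyelements.inc.php?col=name%20UNION%20SELECT%201 HTTP/1.1" 200 9001',
    '198.51.100.9 - - [01/Mar/2020:10:00:09 +0000] "GET /app/login.php?u=o%27brien HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE):
        print(hit)
```

Access logs normally record only the query string, so parameters sent in a POST body need application or WAF logging to be reviewed the same way.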
Those who read this article can easily and quickly learn about vulnerabilities in their digital assets by using the pro features of the securityforeveryone.com platform. The platform provides a comprehensive set of tools to identify, prioritize, and manage vulnerabilities across digital assets. Moreover, it offers actionable insights and guidance to help organizations quickly address vulnerabilities and reduce risk. By using this platform, organizations can ensure the security and reliability of their digital assets.