CVE-2020-10547: SQL Injection
First published: Thu Jun 04 2020(Updated: )
rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| rConfig rConfig | <=3.9.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-10547?
The severity of CVE-2020-10547 is critical with a score of 9.8.
How does CVE-2020-10547 affect rConfig?
CVE-2020-10547 affects rConfig version 3.9.4 and previous versions.
What is the vulnerability in rConfig that CVE-2020-10547 exposes?
CVE-2020-10547 exposes an unauthenticated SQL injection vulnerability in the compliancepolicyelements.inc.php file of rConfig.
What is the potential impact of CVE-2020-10547?
CVE-2020-10547 can lead to lateral movement and grant an attacker access to monitored network devices due to the cleartext storage of nodes' passwords.
Is there a fix available for CVE-2020-10547?
At the moment, there is no official fix available for CVE-2020-10547. It is recommended to update to a patched version when it becomes available.
- collector/nvd-index
- agent/type
- vendor/rconfig
- canonical/rconfig rconfig
- version/rconfig rconfig/3.9.4