CVE-2020-10549: SQL Injection
First published: Thu Jun 04 2020(Updated: )
rConfig 3.9.4 and previous versions has unauthenticated snippets.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| rConfig rConfig | <=3.9.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-10549?
The severity of CVE-2020-10549 is critical with a CVSS score of 9.8.
What is CVE-2020-10549?
CVE-2020-10549 is a vulnerability in rConfig 3.9.4 and previous versions that allows unauthenticated SQL injection.
How does CVE-2020-10549 impact rConfig?
CVE-2020-10549 allows an attacker to perform an unauthenticated SQL injection attack, potentially gaining access to monitored network devices.
How can I fix CVE-2020-10549?
To fix CVE-2020-10549, you should update to a patched version of rConfig.
Is there any additional information about CVE-2020-10549?
Yes, you can find more details about CVE-2020-10549 in the references provided.
- collector/nvd-index
- vendor/rconfig
- canonical/rconfig rconfig
- version/rconfig rconfig/3.9.4