exploitDog

CVE-2020-10547

Опубликовано: 04 июн. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Высокий

Описание

rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.

Ссылки

https://github.com/theguly/exploits/blob/master/CVE-2020-10547.py
Exploit
Third Party Advisory
https://theguly.github.io/2020/09/rconfig-3.9.4-multiple-vulnerabilities/
Exploit
Third Party Advisory
https://github.com/theguly/exploits/blob/master/CVE-2020-10547.py
Exploit
Third Party Advisory
https://theguly.github.io/2020/09/rconfig-3.9.4-multiple-vulnerabilities/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:rconfig:rconfig:*:*:*:*:*:*:*:*

Версия до 3.9.4 (включая)

EPSS

Процентиль: 100%

0.89969

Высокий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-m2x2-97x9-744w

github

больше 3 лет назад

rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.

EPSS

Процентиль: 100%

0.89969

Высокий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89