rConfig free open-source configuration management utility vulnerable to SQL injection flaws allowing hackers to take control over the network
The popular free and open-source configuration management utility, rConfig has four critical vulnerabilities that can allow hackers to execute arbitrary code and even take over the network. The vulnerability resides in the rConfig version Version 3.9.5 and earlier.
rConfig is a popular and free utility developed by Network Architects and used by over 7,000 network engineers to take snapshots and backup of over 7 million network devices, according to the project’s website. The rConfig version 3.9.5 and earlier have four critical vulnerabilities that allow threat actors to perform SQL injections, remote code injections, among other attacks.
Here is the list of vulnerabilities in rConfig:
CVE-2020-15712: Thi flaw in rConfig is an input validation error when it is processing streams. This flaw can allow potential hackers to perform directory attacks by sending specially crafted HTTP requests. The vulnerability received a score of 6/10 on the CVSS scale.
CVE-2020-15713: This flaw in rConfig exists because of insufficient disinfection of user-provided data through the “sortBy” parameter in “devices.php.” The flaw can allow potential hackers to execute arbitrary SQL queries against the target database. The sorBy flaw has rConfig has a CVSS score of 7.7/10 and its successful exploitation would allow hackers to launch phishing attacks, implant malware, among others.
CVE-2020-15714: This flaw exists due to insufficient disinfection of data passed through the “custom_Location” parameter in “devices.crud.php.” Potential hackers could exploit the flaw to perform arbitrary SQL queries on the target database. Like the previous case, this vulnerability received a score of 7.7/10 on the CVSS scale.
CVE-2020-15715: This flaw exists in the rConfig search.crud.php script. Incorrect input validation passed through the “nodeId” parameter in the “search.crud.php” script can allow potential hackers to execute arbitrary code on the target system. The vulnerability received a score of 7.7/10.
Network Architects have taken cognizance of the flaws and have released the new version, rConfig v3.9.6 on 25th July 2020. The rConfig v3.9.6 patches all the above flaws and Network Architects have alerted users to update their rConfig instance to the latest version. You can download the latest version from here.