rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-06-04T03:24:41
Updated: 2024-08-04T11:06:09.460Z
Reserved: 2020-03-13T00:00:00
Link: CVE-2020-10547
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-06-04T04:15:12.977
Modified: 2024-11-21T04:55:33.493
Link: CVE-2020-10547
Redhat
No data.