rConfig 3.9.4 and previous versions has unauthenticated compliancepolicies.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-06-04T03:25:04
Updated: 2024-08-04T11:06:09.598Z
Reserved: 2020-03-13T00:00:00
Link: CVE-2020-10546
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-06-04T04:15:12.663
Modified: 2024-11-21T04:55:33.337
Link: CVE-2020-10546
Redhat
No data.