+- Geeks for your information (https://www.geeks.fyi)
+-- Forum: News (https://www.geeks.fyi/forumdisplay.php?fid=105)
+--- Forum: Privacy & Security News (https://www.geeks.fyi/forumdisplay.php?fid=107)
+--- Thread: Critical Remote Code Execution Flaw Found in Open Source rConfig Utility (/showthread.php?tid=8985)
Critical Remote Code Execution Flaw Found in Open Source rConfig Utility - silversurfer - 04 November 19
Quote:The network configuration management utility has two unpatched critical remote code execution vulnerabilities.
Two bugs in the network configuration utility rConfig have been identified, both allowing remote code execution on affected systems. Worse, one is rated critical and allows for a user to attack a system remotely – sans authentication.
RConfig is a free open-source configuration management utility used by over 7,000 network engineers to take snapshots of over 7 million network devices, according the project’s website.
The vulnerabilities (CVE-2019-16663, CVE-2019-16662) are both tied to rConfig version 3.9.2. The more serious of the two vulnerabilities (CVE-2019-16662) allows an attacker to execute system commands on affected devices via GET requests, which can lead to command
Read more: https://threatpost.com/critical-rce-flaw-in-rconfig/149847/