silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,210
- Content source
- https://threatpost.com/critical-rce-flaw-in-rconfig/149847/
Two bugs in the network configuration utility rConfig have been identified, both allowing remote code execution on affected systems. Worse, one is rated critical and allows for a user to attack a system remotely – sans authentication.
RConfig is a free open-source configuration management utility used by over 7,000 network engineers to take snapshots of over 7 million network devices, according the project’s website.
The vulnerabilities (CVE-2019-16663, CVE-2019-16662) are both tied to rConfig version 3.9.2. The more serious of the two vulnerabilities (CVE-2019-16662) allows an attacker to execute system commands on affected devices via GET requests, which can lead to command instructions.
Critical Remote Code Execution Flaw Found in Open Source rConfig Utility
The network configuration management utility has two unpatched critical remote code execution vulnerabilities.
threatpost.com