rConfig is a network device configuration management tool. It is designed to manage network device configurations, compliance, and network operations. It allows network engineers to take snapshots of their network configurations, compare changes over time, and manage devices from a central location.

rConfig

A stored cross-site scripting (XSS) vulnerability in the /devices.php function inrConfig 3.9.5 has been fixed for version 3.9.6. This vulnerability allowed remote attackers to perform arbitrary Javascript execution through entering a crafted payload into the 'Model' field then saving.

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2023-39110	HIGH	8.8	rConfig	cpe:2.3:a:rconfig:rconfig	No	Yes	Aug 01, 2023
CVE-2023-39109	HIGH	8.8	rConfig	cpe:2.3:a:rconfig:rconfig	No	Yes	Aug 01, 2023
CVE-2023-39108	HIGH	8.8	rConfig	cpe:2.3:a:rconfig:rconfig	No	Yes	Aug 01, 2023
CVE-2022-45030	HIGH	8.8	rConfig	cpe:2.3:a:rconfig:rconfig	No	No	Apr 15, 2023
CVE-2023-24366	MEDIUM	6.5	rConfig	cpe:2.3:a:rconfig:rconfig	No	No	Mar 27, 2023

CVE-2020-25352:
rConfig vulnerability analysis and mitigation

5.4

Related rConfig vulnerabilities:

Benchmark your Cloud Security Posture

Additional Wiz resources

Cloud Vulnerability DB

Cloud Threat Landscape

PEACH

Ready to see Wiz in action?

CVE-2020-25352: rConfig vulnerability analysis and mitigation