Unpatched Remote Code Execution rConfig Flaws Could Affect Millions of Servers and Network Devices

November 06, 2019

Details on the proof-of-concept (PoC) exploit for two unpatched, critical remote code execution (RCE) vulnerabilities in the network configuration management utility rConfig have been recently disclosed. At least one of the flaws could allow remote compromise of servers and connected network devices.

Written in native PHP, rConfig is an open source utility that lets network engineers configure their networked devices and take frequent configuration snapshots of them. The utility also supports customized device commands, bulk configuration management, and Telnet and SSHv2 connections. The rConfig project claims that the tool is used by over 7,000 network engineers to manage more than 3.3 million devices, including firewalls, load balancers, routers, switches, and wide area network (WAN) optimizers.

The rConfig vulnerabilities

Both flaws affect all versions of rConfig, including the latest release (3.9.2); no security update was available at the time of writing. The two identified vulnerabilities are designated as:

  • Unauthenticated RCE (CVE-2019-16662) in ajaxServerSettingsChk.php
  • Authenticated RCE (CVE-2019-16663) in search.crud.php

Mohammad Askar, the security researcher who discovered the vulnerabilities, reported that each flaw resides in a separate file of rConfig. Designated CVE-2019-16662, the unauthenticated RCE in ajaxServerSettingsChk.php allows an attacker to execute system commands directly through a GET request: the rootUname parameter is passed to PHP's exec function without any filtering. The RCE in search.crud.php (CVE-2019-16663), on the other hand, requires authentication before it can be exploited. Askar released his PoC exploit after 35 days of "no response" from rConfig's main developer.
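To make the bug class concrete, the following is an added example and not rConfig's code: a request parameter that flows straight into exec(), beside a hardened version that allow-lists the value and escapes it before it reaches the shell. Only the parameter name rootUname comes from the article; the function names and the `id` command are assumptions for the demonstration, and the unsafe function is shown for contrast and never invoked.

```php
<?php
// Added illustration of the bug class described in the article; this is NOT
// rConfig's code. Only the parameter name rootUname comes from the article;
// the function names and the `id` command are assumptions for the demo.

// UNSAFE pattern: a raw GET value is concatenated into a shell command line.
// Any shell metacharacter in the value (';', '&&', '|', backticks, ...) ends
// the intended command and starts one chosen by the requester.
function checkServerSettingsUnsafe(array $get): string
{
    $rootUname = $get['rootUname'] ?? '';
    exec('id ' . $rootUname, $output);          // vulnerable sink: no validation, no escaping
    return implode("\n", $output);
}

// HARDENED pattern: allow-list the value, then escape it before it reaches the shell.
function checkServerSettingsSafe(array $get): string
{
    $rootUname = $get['rootUname'] ?? '';

    // Accept only a plausible POSIX account name (1-32 chars). \z rather than $
    // so a trailing newline cannot slip past the check.
    if (!preg_match('/^[A-Za-z0-9_][A-Za-z0-9_.-]{0,31}\z/', $rootUname)) {
        return 'invalid username';               // reject; nothing is executed
    }

    // Defence in depth: escapeshellarg() turns the value into one single-quoted
    // word, so even if the allow-list is loosened later the shell sees one argument.
    exec('id ' . escapeshellarg($rootUname), $output, $status);
    if ($status !== 0) {
        return 'lookup failed';                  // e.g. the account does not exist
    }
    return implode("\n", $output);
}

// Constructed inputs for the demo (no real request involved).
$benign  = ['rootUname' => 'netadmin'];
$hostile = ['rootUname' => 'netadmin; id'];     // constructed injection attempt

echo checkServerSettingsSafe($benign), PHP_EOL;   // output of `id 'netadmin'`, or "lookup failed"
echo checkServerSettingsSafe($hostile), PHP_EOL;  // "invalid username"; the appended "; id" never runs
```

The code-level fix is the primary control; the allow-list does the rejecting and escapeshellarg() is the safety net. Where an application does not need to spawn processes at all, PHP's disable_functions directive can remove exec, system, shell_exec and passthru from the interpreter entirely, and running the PHP-FPM pool as an unprivileged account limits what any remaining command execution can reach.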

Another researcher, who goes by the name Sudoka, analyzed the flaws and found that the second RCE could be exploited even without authentication in rConfig versions prior to 3.6.0. Moreover, as Johannes Ullrich of the SANS Technology Institute noted, the file affected by the first flaw belongs to the install directory, which rConfig advises users to delete once installation is complete. Users who completed the installation and deleted the install directory are therefore not vulnerable to it.

Although rConfig no longer appears to be actively maintained, its users should consider temporarily removing the application from their servers until security patches are released.

PHP-FPM Vulnerability (CVE-2019-11043) can Lead to Remote Code Execution in NGINX Web Servers
Administrators and IT teams managing and maintaining a PHP-FPM-enabled website on an NGINX server are advised to patch a vulnerability that can let attackers carry out remote code execution (RCE) on the vulnerable website and server.

Users of PHP environments can also adopt the following best practices to deter intrusions that exploit such vulnerabilities:

  • Enable PHP's built-in security features; the Open Web Application Security Project (OWASP), in addition, publishes recommendations on how to secure PHP deployments.
  • Enforce the principle of least privilege by restricting permissions, as well as access to tools or programming techniques.
  • Implement proactive incident response strategies that can prevent potential compromise or breach and identify possible threat entry points.

Trend Micro Solutions

Threats exploiting the aforementioned RCE vulnerabilities can be mitigated by the Trend Micro Deep Security and Vulnerability Protection solutions, which protect systems and users via these Deep Packet Inspection (DPI) rules:

  • 1005934 - Identified Suspicious Command Injection Attack (CVE-2019-16662 and CVE-2019-16663)
  • 1010046 - rConfig Remote Command Execution Vulnerability (CVE-2019-16662)
  • 1010047 - rConfig Remote Command Execution Vulnerability (CVE-2019-16663)

Trend Micro TippingPoint customers are protected from threats and attacks that may exploit CVE-2019-16662 and CVE-2019-16663 via these MainlineDV filters:

  • 36582: HTTP: rConfig Network Management rootUname Command Injection Vulnerability
  • 36583: HTTP: rConfig Network Management search.crud.php Command Injection Vulnerability
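The DPI rules and IPS filters above catch injection attempts on the wire. For teams without such coverage, or for retrospective review, here is an added example (not a Trend Micro or rConfig artifact) of the same idea applied to web server access logs: it parses Combined Log Format lines, picks out requests to the two file names named in the article, and flags any query parameter carrying shell metacharacters. The directory prefix /rconfig/ and the parameter name searchTerm are assumptions, and the log lines are constructed samples.

```php
<?php
// Added example, not a Trend Micro or rConfig artifact: a minimal log-review
// script that flags HTTP requests resembling the command-injection attempts
// the IPS filters above look for. The log lines below are constructed samples.

// File names come from the article; any directory prefix is an assumption.
const RCONFIG_SINKS = ['ajaxServerSettingsChk.php', 'search.crud.php'];

// Characters that end one shell word or command and start another:
// ; & | backtick $ < > backslash and newline.
const SHELL_META = '/[;&|`$<>\\\\\n]/';

/**
 * Parse one Combined Log Format line into [method, path, query params] or null.
 * Format: host - - [time] "METHOD /path?query HTTP/x.y" status bytes "ref" "ua"
 */
function parseRequest(string $line): ?array
{
    if (!preg_match('/"([A-Z]+) ([^ "]+) HTTP\/[0-9.]+"/', $line, $m)) {
        return null;
    }
    $parts = parse_url($m[2]);
    parse_str($parts['query'] ?? '', $params);   // parse_str() also URL-decodes values
    return [$m[1], $parts['path'] ?? '', $params];
}

/** Return one finding (path, parameter, decoded value) per suspicious parameter. */
function findInjectionAttempts(array $lines): array
{
    $findings = [];
    foreach ($lines as $line) {
        $req = parseRequest($line);
        if ($req === null) {
            continue;
        }
        [$method, $path, $params] = $req;
        if (!in_array(basename($path), RCONFIG_SINKS, true)) {
            continue;                            // only the two files named in the article
        }
        foreach ($params as $name => $value) {
            // parse_str() yields arrays for a[]=... parameters; only inspect strings
            if (is_string($value) && preg_match(SHELL_META, $value)) {
                $findings[] = ['path' => $path, 'param' => $name, 'value' => $value];
            }
        }
    }
    return $findings;
}

// Constructed sample log lines (not real traffic). %3B is ';', %26 is '&'.
// The searchTerm parameter name is an assumption for the demo.
$sampleLog = [
    '10.0.0.5 - - [06/Nov/2019:10:00:01 +0000] "GET /rconfig/ajaxServerSettingsChk.php?rootUname=netadmin HTTP/1.1" 200 51 "-" "curl"',
    '10.0.0.9 - - [06/Nov/2019:10:00:07 +0000] "GET /rconfig/ajaxServerSettingsChk.php?rootUname=netadmin%3Bid HTTP/1.1" 200 120 "-" "curl"',
    '10.0.0.9 - - [06/Nov/2019:10:00:09 +0000] "GET /rconfig/search.crud.php?searchTerm=core%26id HTTP/1.1" 200 900 "-" "Mozilla"',
    '10.0.0.5 - - [06/Nov/2019:10:00:12 +0000] "GET /rconfig/index.php?page=a%3Bb HTTP/1.1" 200 2048 "-" "Mozilla"',
];

// Expected: two findings (lines 2 and 3); line 1 is clean and line 4 is not a monitored file.
foreach (findInjectionAttempts($sampleLog) as $f) {
    printf("suspicious: %s param=%s value=%s\n", $f['path'], $f['param'], $f['value']);
}
```

The check is deliberately narrow: it only inspects the two handlers the article names, so a stray `&` or `;` in an unrelated search box does not page anyone. Note that access logs record the request line after the server's own URL decoding only in some configurations, which is why the script decodes the query itself via parse_str(); a double-encoded value would still need a second decoding pass, and POST bodies are not in the access log at all, so this complements rather than replaces the network-level rules.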