Main Vulnerability Database Exploits ID:5736 - Exploit for Improper Privilege Management in rConfig - CVE-2019-19585

ID:5736 - Exploit for Improper Privilege Management in rConfig - CVE-2019-19585

Published: June 17, 2021

Vulnerability identifier: #VU34903

Vulnerability risk: Low

CVE-ID: CVE-2019-19585

CWE-ID: CWE-269

Exploitation vector: Local access

Vulnerable software:
rConfig

Link to public exploit:

https://www.exploit-db.com/exploits/48261/

Vulnerability description

The vulnerability allows a local authenticated user to execute arbitrary code.

An issue was discovered in rConfig 3.9.3. The install script updates the /etc/sudoers file for rconfig specific tasks. After an "rConfig specific Apache configuration" update, apache has high privileges for some binaries. This can be exploited by an attacker to bypass local security restrictions.

Remediation

Install update from vendor's website.

ID:5736 - Exploit for Improper Privilege Management in rConfig - CVE-2019-19585

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human