Vulnerability identifier: #VU28012

Vulnerability risk: Low

CVSSv3.1: 5.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2020-12257

CWE-ID: CWE-352

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
rConfig
Web applications / Remote management & hosting panels

Vendor: rConfig

Description

The vulnerability allows a remote attacker to perform cross-site request forgery attacks.

The vulnerability exists due to insufficient validation of the HTTP request origin. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website, such as leverage this vulnerability by creating a form (add a user, delete a user, or edit a user).

Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability..

Vulnerable software versions

rConfig: 3.9.4

---

External links
http://gist.github.com/farid007/eb7310749520fb8cdf5942573c9954ef

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.