CVE-2023-24366
📋 TL;DR
CVE-2023-24366 is an arbitrary file download vulnerability in rConfig v6.8.0 that allows attackers to download sensitive files from the server via crafted HTTP requests. This affects all organizations running vulnerable versions of rConfig network management software. Attackers can potentially access configuration files, credentials, and other sensitive data.
💻 Affected Systems
- rConfig
📦 What is this software?
Rconfig by Rconfig
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise through credential theft from configuration files, database access, and lateral movement within the network.
Likely Case
Sensitive data exposure including database credentials, SSH keys, configuration files, and potentially user credentials leading to further attacks.
If Mitigated
Limited impact with proper network segmentation, file permissions, and monitoring detecting unauthorized file access attempts.
🎯 Exploit Status
Multiple public exploit scripts available on GitHub. Exploitation requires only HTTP access and knowledge of file paths.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v6.9.0 or later
Vendor Advisory: https://github.com/rconfig/rconfig/releases
Restart Required: Yes
Instructions:
1. Backup the current rConfig installation and database.
2. Download the latest version from the official repository.
3. Replace the vulnerable files with the patched version.
4. Restart the web server service.
5. Verify functionality.
🔧 Temporary Workarounds
Web Server Access Restriction
Restrict access to the rConfig web interface using firewall rules or web server configuration
# Apache: Use .htaccess or virtual host config
# Nginx: Use location blocks with allow/deny
# Firewall: iptables -A INPUT -p tcp --dport 80 -s trusted_network -j ACCEPT
#           followed by a default-deny rule for the port, otherwise the ACCEPT alone changes nothing:
#           iptables -A INPUT -p tcp --dport 80 -j DROP
File Permission Hardening
Restrict file permissions on sensitive directories and configuration files
chmod 600 /path/to/rconfig/config.php   # readable only by its owner; the owner must be the account the web server runs as
chmod 750 /path/to/rconfig/             # group needs traverse access; 700 with a root owner would lock out www-data
chown root:www-data /path/to/rconfig/
🧯 If You Can't Patch
- Implement strict network access controls to limit rConfig access to trusted IPs only
- Deploy web application firewall (WAF) with rules to block directory traversal and file download patterns
🔍 How to Verify
Check if Vulnerable:
Check if running rConfig v6.8.0 by examining version files or web interface. Test with known exploit scripts from GitHub repositories.
Check Version:
grep -r 'version' /path/to/rconfig/install/
# or check the version shown in the web interface footer
Verify Fix Applied:
Verify version is updated to v6.9.0 or later. Test file download functionality with traversal attempts to confirm patched.
📡 Detection & Monitoring
Log Indicators:
- HTTP requests with ../ patterns in URL parameters
- Unusual file download patterns from rConfig directories
- Access to sensitive file paths via web logs
Network Indicators:
- HTTP requests containing directory traversal sequences (../)
- Multiple file download attempts from single IP
SIEM Query:
source="web_logs" AND url="*../*" AND (uri_path="/rconfig/*" OR host="rconfig*")
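The SIEM query above matches only a literal `../`, so percent-encoded or double-encoded traversal sequences in the URL slip past it. The following is an added example (not from the original page or the rConfig project) that scans combined-format web server log lines, decodes the URL repeatedly before matching, restricts hits to the rConfig path, and counts attempts per source address. The endpoint, parameter names and log lines are constructed placeholders, not rConfig's actual vulnerable endpoint.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample lines in Apache/Nginx combined log format (not real traffic).
# The endpoint and parameter names below are placeholders, not rConfig's real ones.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2023:12:00:01 +0000] "GET /rconfig/index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2023:12:00:02 +0000] "GET /rconfig/download.php?file=../../../../etc/passwd HTTP/1.1" 200 2048 "-" "curl/7.88"
203.0.113.7 - - [10/Mar/2023:12:00:03 +0000] "GET /rconfig/download.php?file=%2e%2e%2f%2e%2e%2fconfig.php HTTP/1.1" 200 1024 "-" "curl/7.88"
198.51.100.4 - - [10/Mar/2023:12:00:04 +0000] "GET /rconfig/images/logo.png HTTP/1.1" 200 900 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Mar/2023:12:00:05 +0000] "GET /other/app.php?p=..%252f..%252fetc/hosts HTTP/1.1" 404 0 "-" "curl/7.88"
"""

# client ip, request method, request URL, HTTP status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
# "../" or "..\" after decoding
TRAVERSAL_RE = re.compile(r'\.\.[/\\]')


def normalise(url):
    """Percent-decode repeatedly so double-encoded sequences (e.g. %252e) are caught."""
    for _ in range(3):
        decoded = unquote(url)
        if decoded == url:
            break
        url = decoded
    return url


def scan_log(text, path_prefix="/rconfig/"):
    """Return (hits, per_ip): hits are requests under path_prefix whose decoded URL
    contains a traversal sequence; per_ip counts those hits per client address."""
    hits = []
    per_ip = Counter()
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, method, url, status = m.groups()
        decoded = normalise(url)
        if decoded.startswith(path_prefix) and TRAVERSAL_RE.search(decoded):
            hits.append({"ip": ip, "method": method, "url": url, "status": int(status)})
            per_ip[ip] += 1
    return hits, per_ip


if __name__ == "__main__":
    hits, per_ip = scan_log(SAMPLE_LOG)
    for h in hits:
        print(f"{h['ip']} {h['method']} {h['url']} -> {h['status']}")
    for ip, n in per_ip.most_common():
        print(f"{ip}: {n} traversal attempt(s)")
```

A traversal request answered with HTTP 200 is the higher-priority alert, since it indicates the file was likely served rather than rejected.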
🔗 References
- https://github.com/mrojz/rconfig-exploit/blob/main/CVE-2023-24366.md
- https://github.com/mrojz/rconfig-exploit/blob/main/rconfigV6_Local_File_Disclosure.md