CVE-2024-47533

Cobbler allows anyone to connect to cobbler XML-RPC server with a known password and make changes

CVSS 9.8 CRITICALEPSS 3.9%CWE-287

Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authentication vulnerability starting in version 3.0.0 and prior to versions 3.2.3 and 3.3.7. `utils.get_shared_secret()` always returns `-1`, which allows anyone to connect to cobbler XML-RPC as user `''` password `-1` and make any changes. This gives anyone with network access to a cobbler server full control of the server. Versions 3.2.3 and 3.3.7 fix the issue.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

cobbler · cobbler

public PoCs found — 5

githubgithub.com/dollarboysushil/CVE-2024-47533-Cobbler-XMLRPC-Authentication-Bypass-RCE-Exploit-POC★ 8 githubgithub.com/baph00met/CVE-2024-47533★ 3 githubgithub.com/00xCanelo/CVE-2024-47533-PoC★ 1 githubgithub.com/zs1n/CVE-2024-47533★ 1 githubgithub.com/okkotsu1/CVE-2024-47533★ 1

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/cobbler/cobbler/commit/32c5cada013dc8daa7320a8eda9932c2814742b0 https://github.com/cobbler/cobbler/commit/e19717623c10b29e7466ed4ab23515a94beb2dda https://github.com/cobbler/cobbler/security/advisories/GHSA-m26c-fcgh-cp6h