#VU100775 Improper authentication in Cobbler - CVE-2024-47533


Vulnerability identifier: #VU100775

Vulnerability risk: High

CVSSv4.0: 8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-47533

CWE-ID: CWE-287

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Cobbler
Server applications / Other server solutions

Vendor: Cobbler project

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in the authentication process within the utils.get_shared_secret(), which always returns the "-1" value and as a result allows anyone to connect to the XML-RPC interface as user `''` password "-1". A remote attacker can bypass authentication process and perform arbitrary changes in the application.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Cobbler: 3.0.0 - 3.3.6

External links
https://github.com/cobbler/cobbler/security/advisories/GHSA-m26c-fcgh-cp6h
https://github.com/cobbler/cobbler/commit/32c5cada013dc8daa7320a8eda9932c2814742b0
https://github.com/cobbler/cobbler/commit/e19717623c10b29e7466ed4ab23515a94beb2dda

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


openEuler 22.03 LTS SP3 update for cobbler
openEuler 22.03 LTS SP4 update for cobbler
openEuler 24.03 LTS update for cobbler
openEuler 24.03 LTS SP1 update for cobbler
openEuler 20.03 LTS SP4 update for cobbler
Fedora EPEL 8 update for cobbler3.2
Fedora EPEL 9 update for cobbler3.2
Fedora EPEL 9 update for cobbler
Fedora 39 update for cobbler
Fedora 40 update for cobbler