cobbler: improper authentication (CVE-2024-47533) #shorts #breaking

CVE-2024-47533 is a critical authentication flaw in Cobbler, a server application used to manage network installations of Linux systems. It stems from improper authentication in Cobbler versions 3.0.0 up to but not including 3.2.3 and 3.3.7: the function `utils.get_shared_secret()` always returns `-1`. Anyone who can reach the network where Cobbler is running can therefore connect to the Cobbler XML-RPC interface with an empty username and `-1` as the password, after which they can make arbitrary changes and take full control of the server, compromising its security and integrity. It highlights how much server security depends on robust authentication logic.
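A constructed Python model of the failure pattern described above, added for this page and not Cobbler's actual code: a secret lookup that hands back the sentinel `-1` on error is accepted as a credential, shown beside a fail-closed version that rejects the sentinel, an empty username and an unreadable secret. The `web.ss` file name and the token value are assumptions.

```python
import hmac
import tempfile
from pathlib import Path

SENTINEL = "-1"  # error value the vulnerable lookup returns instead of failing

def get_shared_secret_vulnerable(path: Path) -> str:
    # Fail-open: a read error yields the sentinel, which the caller treats as the secret.
    try:
        return path.read_text().strip()
    except OSError:
        return SENTINEL

def login_vulnerable(user: str, password: str, path: Path) -> bool:
    # No username check, no check that the lookup succeeded: "" / "-1" passes
    # whenever the secret cannot be read.
    return password == get_shared_secret_vulnerable(path)

class SecretUnavailable(Exception): pass

def get_shared_secret_fixed(path: Path) -> str:
    # Fail-closed: an unreadable, empty or sentinel-valued secret is an error, not a value.
    try:
        secret = path.read_text().strip()
    except OSError as exc:
        raise SecretUnavailable(f"cannot read {path}: {exc}") from exc
    if not secret or secret == SENTINEL:
        raise SecretUnavailable("shared secret missing or invalid")
    return secret

def login_fixed(user: str, password: str, path: Path) -> bool:
    if not user:  # anonymous callers never get a shared-secret session
        return False
    try:
        secret = get_shared_secret_fixed(path)
    except SecretUnavailable:
        return False  # deny instead of falling through to a sentinel
    return hmac.compare_digest(password.encode(), secret.encode())

def demo() -> dict:
    # Constructed inputs: a secret file that does not exist, and one that does.
    missing = Path(tempfile.mkdtemp()) / "web.ss"
    with tempfile.NamedTemporaryFile("w", suffix=".ss", delete=False) as fh:
        fh.write("s3cr3t-token\n")
    present = Path(fh.name)
    return {
        "vuln_missing_secret": login_vulnerable("", "-1", missing),
        "fixed_missing_secret": login_fixed("", "-1", missing),
        "fixed_valid_login": login_fixed("cobbler", "s3cr3t-token", present),
        "fixed_wrong_password": login_fixed("cobbler", "-1", present),
    }
```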

Watch the full video on YouTube: CVE-2024-47533

CVE database technical details

CVE ID: CVE-2024-47533
Description: Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authentication vulnerability starting in version 3.0.0 and prior to versions 3.2.3 and 3.3.7. `utils.get_shared_secret()` always returns `-1`, which allows anyone to connect to cobbler XML-RPC as user `''` password `-1` and make any changes. This gives anyone with network access to a cobbler server full control of the server. Versions 3.2.3 and 3.3.7 fix the issue.
Provider: GitHub_M
CWE / problem types: CWE-287: Improper Authentication
Affected Software Versions: cobbler:cobbler >= 3.0.0, < 3.2.3 (affected); >= 3.3.0, < 3.3.7 (affected)
Date Published: 2024-11-18T16:33:55.229Z
Last Updated: 2024-11-18T18:24:07.378Z