CVE-2024-47533
Published 2024-11-18
Priority: P2 · 72 · critical · CVSS 3.1: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 3.95% (89.1th percentile)
Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authentication vulnerability starting in version 3.0.0 and prior to versions 3.2.3 and 3.3.7. `utils.get_shared_secret()` always returns `-1`, which allows anyone to connect to cobbler XML-RPC as user `''` password `-1` and make any changes. This gives anyone with network access to a cobbler server full control of the server. Versions 3.2.3 and 3.3.7 fix the issue.
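Why a secret reader built this way hands every caller the same value, as an added example that is not Cobbler's code. The `open()` call matches the advisory excerpt further down this page; the `-1` error path is an assumption taken from the description above, and the fail-closed reader and `shared_secret_login_ok` are hypothetical illustrations, not the project's fix.

```python
import hmac
from typing import Union

def get_shared_secret_failopen(path: str) -> Union[str, int]:
    """Same open() call as the advisory excerpt. ASSUMPTION: errors map to -1."""
    try:
        # 'rb' together with encoding= raises ValueError before the file is read,
        # so this branch fails even when the secret file exists and is valid.
        with open(path, "rb", encoding="utf-8") as fd:
            data = fd.read()
    except Exception:
        return -1  # a "secret" that every client can predict
    return str(data).strip()

def get_shared_secret_failclosed(path: str) -> str:
    """Illustrative hardened reader: text mode, and errors propagate."""
    with open(path, "r", encoding="utf-8") as fd:
        secret = fd.read().strip()
    if not secret:
        raise RuntimeError("shared secret file is empty")
    return secret

def shared_secret_login_ok(presented: object, path: str) -> bool:
    """Hypothetical check: deny when the secret is unreadable or not a string."""
    if not isinstance(presented, str):
        return False
    try:
        expected = get_shared_secret_failclosed(path)
    except (OSError, ValueError, RuntimeError):
        return False  # no usable secret means no shared-secret logins at all
    return hmac.compare_digest(presented.encode(), expected.encode())
```

The fail-open reader returns the sentinel no matter what the file contains, which is what makes the password predictable; the hardened pair turns every read failure into a denied login instead.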
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cobbler | cobbler | — | — |
| cobbler | cobbler | — | — |
| cobbler_project | cobbler | >= 3.0.0 < 3.2.3 | 3.2.3 |
| cobbler_project | cobbler | >= 3.3.0 < 3.3.7 | 3.3.7 |
Detection & IOCs
- Send a POST request to /cobbler_api with XML-RPC payload calling 'login' with username '' and password '-1'. A successful authentication bypass returns an HTTP 200 with 'text/xml' content-type, containing '<value>' and '<string>' in the body, and does NOT contain '<fault>' or 'faultString'.
- Match response body for presence of both '<value>' and '<string>' (condition: and) combined with absence of '<fault>' or 'faultString' (negative match) to confirm successful unauthenticated login.
- Affected versions are 3.0.0 through 3.2.2 and 3.3.0 through 3.3.6. Fixed in 3.2.3 and 3.3.7. Identify exposed Cobbler instances via Shodan query: http.title:"Cobbler Web Interface".
- The authentication bypass is unconditional: utils.get_shared_secret() always returns -1 on vulnerable versions, so any network-reachable Cobbler XML-RPC endpoint is exploitable without prior knowledge of credentials.
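The request and response conditions above, applied to recorded proxy traffic to separate accepted logins from rejected ones. This is an added example, not part of the indexed sources; the event dictionary layout, the function names and the sample records are constructed assumptions.

```python
import xml.etree.ElementTree as ET

def login_params(body: bytes):
    """Return the parameter texts of an XML-RPC 'login' call, else None."""
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return None
    if root.tag != "methodCall" or (root.findtext("methodName") or "").strip() != "login":
        return None
    params = []
    for value in root.findall("./params/param/value"):
        typed = next(iter(value), None)  # <string>, <int>, ... or untyped text
        params.append((typed.text if typed is not None else value.text) or "")
    return params

def is_known_secret_login(body: bytes) -> bool:
    """True for login('', '-1'), whether -1 is sent as a string or an int."""
    params = login_params(body)
    return bool(params) and len(params) >= 2 and params[0] == "" and params[1].strip() == "-1"

def response_shows_success(status: int, content_type: str, body: str) -> bool:
    """Response condition from the list above: 200, text/xml, value+string, no fault."""
    return (status == 200 and "text/xml" in content_type.lower()
            and "<value>" in body and "<string>" in body
            and "<fault>" not in body and "faultString" not in body)

def triage(events):
    """Label each known-secret login seen on /cobbler_api by its outcome."""
    hits = []
    for ev in events:
        if ev["path"] == "/cobbler_api" and is_known_secret_login(ev["request"]):
            ok = response_shows_success(ev["status"], ev["content_type"], ev["response"])
            hits.append((ev["src"], "login-accepted" if ok else "login-rejected"))
    return hits

def xmlrpc_login(user: str, password: str) -> bytes:  # builds constructed sample requests
    return ("<?xml version='1.0'?><methodCall><methodName>login</methodName><params>"
            f"<param><value><string>{user}</string></value></param>"
            f"<param><value><string>{password}</string></value></param>"
            "</params></methodCall>").encode()

TOKEN = "<methodResponse><params><param><value><string>constructed-token</string></value></param></params></methodResponse>"
FAULT = "<methodResponse><fault><value><struct><member><name>faultString</name><value><string>login failed</string></value></member></struct></value></fault></methodResponse>"
SAMPLE_EVENTS = [  # constructed proxy records, not real traffic
    {"src": "192.0.2.10", "path": "/cobbler_api", "request": xmlrpc_login("", "-1"), "status": 200, "content_type": "text/xml", "response": TOKEN},
    {"src": "192.0.2.11", "path": "/cobbler_api", "request": xmlrpc_login("", "-1"), "status": 200, "content_type": "text/xml", "response": FAULT},
    {"src": "192.0.2.12", "path": "/cobbler_api", "request": xmlrpc_login("admin", "constructed-pw"), "status": 200, "content_type": "text/xml", "response": TOKEN},
]
```

An accepted login marks a server that still needs 3.2.3 or 3.3.7 and whose configuration should be reviewed for changes; a rejected one records a probe against a patched server.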
CVSS provenance
nvd · v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv · 9.8 CRITICAL
OSV
cobbler allows anyone to connect to cobbler XML-RPC server with known password and make changes
osv·2024-11-18
CVE-2024-47533 [CRITICAL] cobbler allows anyone to connect to cobbler XML-RPC server with known password and make changes
### Summary
utils.get_shared_secret() always returns -1 - allows anyone to connect to cobbler XML-RPC as user '' password -1 and make any changes.
### Details
utils.py get_shared_secret:
```
def get_shared_secret() -> Union[str, int]:
    """
    The 'web.ss' file is regenerated each time cobblerd restarts and is used to agree on shared secret interchange
    between the web server and cobblerd, and also the CLI and cobblerd, when username/password access is not required.
    For the CLI, this enables root users to avoid entering username/pass if on the Cobbler server.
    :return: The Cobbler secret which enables full access to Cobbler.
    """
    try:
        with open("/var/lib/cobbler/web.ss", 'rb', encoding='utf-8') as
```
GHSA
cobbler allows anyone to connect to cobbler XML-RPC server with known password and make changes
ghsa·2024-11-18
CVE-2024-47533 [CRITICAL] CWE-287 cobbler allows anyone to connect to cobbler XML-RPC server with known password and make changes
OSV
CVE-2024-47533 [CRITICAL]
osv·2024-11-18·CVSS 9.8
No detection rules found.
Nuclei
Cobbler 'XML-RPC' - Authentication Bypass
nuclei·CVSS 9.8
CVE-2024-47533 [CRITICAL] Cobbler 'XML-RPC' - Authentication Bypass
Template:
```
id: CVE-2024-47533
info:
  name: Cobbler 'XML-RPC' - Authentication Bypass
  author: songyaeji
  severity: critical
  description: |
    Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authenticatio
```
No writeups or analysis indexed.