Warning: Unauthorized Access in Cobbler XML-RPC Server patch immediately!

Published: 21/11/2024

Reference:
Advisory #2024-271

Version:
1.0

Affected software:
Cobbler XML-RPC Server, versions from 3.0.0 up to but not including the fixed releases 3.2.3 and 3.3.7

Type:
Improper authentication

CVE/CVSS:
CVE-2024-47533
CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Risks

Older Cobbler versions contain a security flaw that lets unauthorized users access and control the system, which can lead to serious security risks. Upgrading to a fixed version resolves the issue.

Description

Cobbler versions 3.0.0 to 3.2.2 have an improper-authentication flaw in utils.get_shared_secret() that lets unauthenticated users connect to the server through its XML-RPC interface.

Recommended Actions

Patch

This issue is fixed in versions 3.2.3 and 3.3.7. Upgrade to one of these versions (or later) to prevent unauthorized access.
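To turn the version ranges from the Description and Patch sections above into an inventory check, the following script classifies a Cobbler version string against the affected ranges and can optionally ask a server for its version over XML-RPC. It is an added example for this advisory, not code from the CCB page or from the Cobbler project. Assumptions: the advisory's "from 3.0.0, prior to 3.2.3 and 3.3.7" wording is read as the two half-open ranges 3.0.0 <= v < 3.2.3 and 3.3.0 <= v < 3.3.7; the endpoint path /cobbler_api and the read-only extended_version() method come from Cobbler's documented API and are not mentioned on the page.

```python
"""Classify Cobbler versions against the ranges named for CVE-2024-47533.

Added example; not part of the CCB advisory or the Cobbler project.
Assumptions are marked in the comments below.
"""
import re
import sys
import xmlrpc.client

# Half-open ranges (first affected, first fixed). This is one reading of the
# advisory's "from 3.0.0, prior to 3.2.3 and 3.3.7" wording (assumption).
AFFECTED_RANGES = [((3, 0, 0), (3, 2, 3)), ((3, 3, 0), (3, 3, 7))]
FIXED_VERSIONS = "3.2.3 / 3.3.7 or later"


def parse_version(text):
    """Turn '3.2.2', '3.3.6-1' or 'v3.0.0' into a (major, minor, patch) tuple."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(version_text):
    """True if the version lies inside an affected range for CVE-2024-47533."""
    v = parse_version(version_text)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def assess(version_text):
    """Return a one-line verdict suitable for an inventory report."""
    v = ".".join(str(x) for x in parse_version(version_text))
    if is_affected(version_text):
        return f"Cobbler {v}: AFFECTED - upgrade to {FIXED_VERSIONS}"
    return f"Cobbler {v}: not in affected range"


def fetch_remote_version(url):
    """Ask a Cobbler server for its version over XML-RPC.

    Assumption: the server exposes extended_version(), which returns a dict
    containing a 'version' string and needs no login token.
    """
    server = xmlrpc.client.ServerProxy(url)
    return server.extended_version()["version"]


if __name__ == "__main__":
    # Constructed sample inventory, e.g. version strings gathered from package
    # managers on the hosts running Cobbler.
    samples = ["3.2.2", "3.2.3", "3.3.6", "3.3.7", "2.8.5", "v3.0.0-1"]
    for s in samples:
        print(assess(s))
    if len(sys.argv) > 1:
        # Usage: python check_cobbler.py https://cobbler.example.internal/cobbler_api
        print(assess(fetch_remote_version(sys.argv[1])))
```

Run it without arguments to classify the constructed sample list; pass the XML-RPC URL of one of your own Cobbler servers to classify its reported version instead. Versions below 3.0.0 are reported as outside the affected range only because the advisory names 3.0.0 as the start; they are end-of-life and should be upgraded regardless.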

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.


Monitor/Detect

The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.

While patching appliances or software to the newest version may protect against future exploitation, it does not remediate a compromise that has already taken place.
