CVE-2024-47533 (CVSS 9.8): Cobbler Vulnerability Exposes Linux Servers to Compromise
CVE-2024-47533 exposes Cobbler servers to unauthorized access and control, enabling attackers to manipulate system configurations.
A critical vulnerability has been discovered in Cobbler, a popular Linux installation server used for network-based deployments. The vulnerability, tracked as CVE-2024-47533 and assigned a CVSS score of 9.8, allows unauthorized attackers to gain full control of Cobbler servers.
Vulnerability Details
The vulnerability stems from a flaw in the get_shared_secret() function within the Cobbler code. This function is responsible for generating and managing a shared secret used for authentication between the Cobbler server and its clients, including the web interface and command-line interface (CLI).
Due to an error introduced in Cobbler versions 3.0.0 and later, the get_shared_secret() function always returns a fixed value (-1) instead of a unique secret. This effectively bypasses authentication, allowing anyone to connect to the Cobbler server’s XML-RPC interface as the user "" (the empty username) with the password -1.
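The following is an added illustration of the bug class described above, written for this article; it is not Cobbler's source code. It models a secret loader that turns any failure into the sentinel value -1, and a login check that stringifies that sentinel, so the password "-1" is accepted; the hardened versions beside it let failures propagate and refuse to treat anything but a non-empty string as a credential. The file name web.ss, the empty-username convention and the function bodies are assumptions made for the example, and the specific way the vulnerable loader fails (binary mode combined with an encoding argument) is a constructed cause, not a claim about the project's exact defect.

```python
import hmac
import os
import tempfile
from typing import Callable, Union

# Constructed illustration of a sentinel error value leaking into the
# authentication path. NOT Cobbler's source; path, bodies and login helpers
# are assumptions for this example.

ERROR_SENTINEL = -1


def get_shared_secret_vulnerable(path: str) -> Union[str, int]:
    """Sentinel-returning loader: every failure, including a programming
    error, becomes the value -1 instead of an exception."""
    try:
        # Binary mode plus an encoding= argument is rejected by open() with a
        # ValueError before the file is read, so this branch never succeeds.
        with open(path, "rb", encoding="utf-8") as fd:
            data = fd.read()
    except:  # noqa: E722 - bare except swallows the ValueError as well
        return ERROR_SENTINEL
    return str(data).strip()


def get_shared_secret_fixed(path: str) -> str:
    """Hardened loader: read bytes, decode explicitly, let I/O errors
    propagate. No error value exists that could double as a credential."""
    with open(path, "rb") as fd:
        data = fd.read()
    secret = data.decode("utf-8").strip()
    if not secret:
        raise ValueError("shared secret file is empty")
    return secret


def login_vulnerable(user: str, password: str,
                     loader: Callable[[], Union[str, int]]) -> bool:
    """Naive check: stringify whatever the loader returned and compare.
    With the sentinel, str(-1) == "-1", so the password "-1" is accepted."""
    return user == "" and password == str(loader())


def login_fixed(user: str, password: str, loader: Callable[[], str]) -> bool:
    """Hardened check: loader failure is a failed login, only a non-empty
    str counts as a secret, and the comparison runs in constant time."""
    try:
        secret = loader()
    except (OSError, ValueError):
        return False
    if not isinstance(secret, str) or not secret:
        return False
    return user == "" and hmac.compare_digest(password.encode(), secret.encode())


def demo() -> dict:
    """Run both loaders against a constructed secret file; return outcomes."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "web.ss")  # constructed sample file
        with open(path, "wb") as fd:
            fd.write(b"c0nstructed-demo-secret\n")
        vuln = lambda: get_shared_secret_vulnerable(path)
        fixed = lambda: get_shared_secret_fixed(path)
        return {
            "vulnerable_secret": get_shared_secret_vulnerable(path),
            "vulnerable_accepts_minus_one": login_vulnerable("", "-1", vuln),
            "fixed_secret": get_shared_secret_fixed(path),
            "fixed_rejects_minus_one": not login_fixed("", "-1", fixed),
            "fixed_accepts_real_secret": login_fixed("", "c0nstructed-demo-secret", fixed),
        }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The defensive point is not the particular open() mistake but the shape of the code around it: a loader that maps errors to an in-band value, and a consumer that coerces that value to a string before comparing, together turn an exception into a working password. Letting the loader raise, and refusing any secret that is not a non-empty string, closes that path regardless of what causes the read to fail.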
Impact and Exploitation
Successful exploitation grants attackers complete control over the Cobbler server. They can manipulate system configurations, deploy malicious software, and potentially gain access to sensitive data.
A proof-of-concept (PoC) exploit has been published, demonstrating the ease with which the vulnerability can be exploited. The PoC uses Python code to connect to the Cobbler server’s XML-RPC interface with the vulnerable credentials.
Affected Versions
Cobbler versions 3.0.0 and later are affected by this vulnerability.
Remediation
Users of affected Cobbler versions are strongly urged to update their installations to the latest patched versions: 3.3.7 or 3.2.3.