Critical Improper Authentication Vulnerability in Cobbler (CVE-2024-47533)

ISGroup Cybersecurity

Cobbler, a Linux installation server widely used in network installation environments, has a critical authentication vulnerability in versions 3.0.0 through 3.2.2 and 3.3.0 through 3.3.6. This vulnerability is caused by a flawed function that allows bypassing authentication checks on Cobbler’s XML-RPC interface.

ProductCobbler
Date2024-11-20 17:54:01
Information
  • Trending
  • Fix Available

Technical Summary

The vulnerability in Cobbler stems from the utils.get_shared_secret() function, which is intended to generate and manage authentication secrets between the Cobbler server and its clients. However, in the affected versions, this function consistently returns the fixed value -1. Consequently, an attacker with network access can connect to the XML-RPC interface using the credentials user: "" and password: -1, effectively bypassing authentication.

Impact:

  • Full control of the Cobbler server: Attackers can manipulate configurations, perform unauthorized installations, and access sensitive data.
  • Ease of exploitation: Public proof-of-concept (PoC) exploits demonstrate the simplicity of exploiting this vulnerability using Python.

Affected versions:

  • 3.0.0 through 3.2.2
  • 3.3.0 through 3.3.6

Fixed versions:

  • 3.2.3
  • 3.3.7

Recommendations

  1. Update immediately: Upgrade to the fixed versions, 3.2.3 or 3.3.7, which resolve the issue in the get_shared_secret() function.
  2. Restrict network access: Reduce the network exposure of the Cobbler server to trusted systems only by properly configuring firewalls and network policies.
  3. Monitoring and auditing: Check server logs for any unauthorized access attempts and review configurations for signs of tampering.
  4. Apply hardening measures:
  • Disable the XML-RPC interface if it is not required.
  • Apply restrictive firewall rules and isolate the Cobbler server within a secure network zone.

[Callforaction-THREAT-Footer]