CVE-2024-47533
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Nov 18, 2024
Updated: Nov 19, 2024
CWE ID 287
Summary
CVE-2024-47533 is a vulnerability affecting Cobbler, a Linux installation server used for setting up network installation environments. Versions 3.0.0 and earlier, up to 3.2.2 and 3.3.6, contain an improper authentication issue. The function `utils.get_shared_secret()` consistently returns `-1`, enabling unauthenticated access to the XML-RPC interface for Cobbler. Attackers can then make any modifications, resulting in full control of the server. Versions 3.2.3 and 3.3.7 have addressed this vulnerability.