CVE-2024-47533

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 18, 2024
Updated: Nov 19, 2024
CWE ID 287

Summary

CVE-2024-47533 is a vulnerability affecting Cobbler, a Linux installation server used for setting up network installation environments. Versions 3.0.0 and earlier, up to 3.2.2 and 3.3.6, contain an improper authentication issue. The function `utils.get_shared_secret()` consistently returns `-1`, enabling unauthenticated access to the XML-RPC interface for Cobbler. Attackers can then make any modifications, resulting in full control of the server. Versions 3.2.3 and 3.3.7 have addressed this vulnerability.
