
Warning: Unauthorized Access in Cobbler XML-RPC Server, patch immediately!

Reference: 
Advisory #2024-271
Version: 
1.0
Affected software: 
Cobbler XML-RPC Server, versions 3.0.0 and later prior to the fixed releases 3.2.3 and 3.3.7
Type: 
Improper authentication
CVE/CVSS: 

CVE-2024-47533
CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Sources

Risks

Older Cobbler versions contain a security flaw that lets unauthorized users access and control the system, which can lead to serious security risks. Upgrading to a fixed version resolves the issue.

Description

Cobbler versions 3.0.0 to 3.2.2 have an authentication issue in utils.get_shared_secret() that allows unauthenticated users to access the server through XML-RPC.

Recommended actions

Patch

This issue is fixed in versions 3.2.3 and 3.3.7. Make sure to upgrade to one of these versions to prevent unauthorized access.
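To decide which Cobbler hosts in an inventory still need the upgrade, the following added helper (not part of the advisory or of the Cobbler project) classifies a version string against the affected range stated above. It reads the range as 3.0.0 up to 3.2.2 on the 3.0/3.1/3.2 line and 3.3.0 up to 3.3.6 on the 3.3 line; the optional network check assumes the Cobbler XML-RPC endpoint answers an unauthenticated `extended_version()` call returning a dict with a "version" key.

```python
"""Classify a Cobbler version against the range covered by CVE-2024-47533."""
import re
from xmlrpc.client import ServerProxy

# Affected range as stated in the advisory: from 3.0.0, fixed in 3.2.3 (3.2.x
# line) and 3.3.7 (3.3.x line). Splitting the range per branch is our reading
# of that wording, not a quote from the advisory.
FIRST_AFFECTED = (3, 0, 0)
FIXED_BY_BRANCH = {(3, 2): (3, 2, 3), (3, 3): (3, 3, 7)}


def parse_version(text):
    """Return (major, minor, patch) from strings such as '3.2.2' or '3.3.6-1.el9'."""
    m = re.match(r"\s*v?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(text):
    """True when the version falls inside the range fixed by 3.2.3 / 3.3.7."""
    v = parse_version(text)
    if v < FIRST_AFFECTED:
        return False  # pre-3.0 releases are outside the advisory's scope
    branch = v[:2]
    if branch in FIXED_BY_BRANCH:
        return v < FIXED_BY_BRANCH[branch]
    # 3.0.x and 3.1.x have no fix of their own: every release below 3.2.3 is affected.
    # Later branches (3.4 and up) compare above 3.2.3 and are reported as not affected.
    return v < FIXED_BY_BRANCH[(3, 2)]


def check_server(url):
    """Query a Cobbler XML-RPC endpoint for its version and classify it.

    Assumption: the endpoint exposes extended_version() without a token and
    returns a dict whose "version" entry is a string like '3.3.6'.
    """
    proxy = ServerProxy(url)
    version = str(proxy.extended_version()["version"])
    return version, is_affected(version)


if __name__ == "__main__":
    # Constructed sample of versions an inventory might report.
    for sample in ["2.8.5", "3.0.0", "3.2.2", "3.2.3", "3.3.6", "3.3.7"]:
        print(f"{sample:>8}: {'AFFECTED' if is_affected(sample) else 'ok'}")
```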

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.


Monitor/Detect

The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/en/cert/report-incident.

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References