Warning: Unauthorized Access in Cobbler XML-RPC Server, patch immediately!
CVE-2024-47533
CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Sources
Risks
Cobbler has a security flaw in older versions that lets unauthorized users access and control the system. This can lead to serious security risks. Upgrading to newer versions fixes the issue.
Description
Cobbler versions 3.0.0 to 3.2.2 have an authentication issue in utils.get_shared_secret() that allows unauthenticated users to access the server through XML-RPC.
Recommended actions
Patch
This issue is fixed in versions 3.2.3 and 3.3.7. Ensure you upgrade to these versions to prevent unauthorized access.
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
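The following is an added example, not part of the CCB advisory or of the Cobbler project, that turns the version statements above into a check an administrator can run over an inventory of Cobbler hosts. It uses only the ranges the advisory gives (affected 3.0.0 to 3.2.2, fixed in 3.2.3 and 3.3.7); 3.3.x releases below 3.3.7 are flagged because they sit below the stated fixed release, and branches the advisory does not name (for example 3.4.x) are returned as "check-vendor" rather than guessed. The host names and version strings are constructed sample data.

```python
"""Classify Cobbler version strings against CVE-2024-47533.

Ranges come from the advisory text:
  affected: 3.0.0 through 3.2.2
  fixed:    3.2.3 (3.2 branch) and 3.3.7 (3.3 branch)
Any 3.x release below its branch's fixed release is treated as
needing the upgrade; branches the advisory does not cover are
reported as "check-vendor".
"""
import re
from typing import Dict, Tuple

Version = Tuple[int, int, int]

AFFECTED_FROM: Version = (3, 0, 0)
FIXED_RELEASES: Dict[Tuple[int, int], Version] = {
    (3, 2): (3, 2, 3),
    (3, 3): (3, 3, 7),
}


def parse_version(text: str) -> Version:
    """Extract the first X.Y.Z triple from a version string.

    Accepts a bare "3.2.1" as well as strings with a prefix such as
    "Cobbler 3.2.1"; the exact CLI output format is not assumed."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no X.Y.Z version found in {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def assess(text: str) -> str:
    """Return one of: not-in-scope, upgrade-required, fixed, check-vendor."""
    v = parse_version(text)
    if v < AFFECTED_FROM:
        # Pre-3.0 releases are outside the range the advisory names.
        return "not-in-scope"
    branch = (v[0], v[1])
    fixed = FIXED_RELEASES.get(branch)
    if fixed is not None:
        return "fixed" if v >= fixed else "upgrade-required"
    if branch < (3, 2):
        # 3.0.x and 3.1.x lie inside the affected range and have no
        # fixed release of their own; the advisory says to move to
        # 3.2.3 or 3.3.7.
        return "upgrade-required"
    # Branches newer than 3.3 are not described by the advisory.
    return "check-vendor"


# Constructed sample inventory (hypothetical hosts, not real systems).
INVENTORY: Dict[str, str] = {
    "provision-a.example": "Cobbler 3.2.1",
    "provision-b.example": "3.2.3",
    "provision-c.example": "3.3.6",
    "provision-d.example": "3.3.7",
    "provision-e.example": "3.1.2",
    "legacy.example": "2.8.5",
}


def report(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each host to its CVE-2024-47533 status."""
    return {host: assess(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:24} {status}")
```

Feed `report()` whatever source of truth you keep for installed versions (package manager output, a CMDB export); hosts reported as "upgrade-required" are the ones the Patch step above applies to, and "check-vendor" results should be confirmed against the Cobbler release notes rather than assumed safe.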
Monitor/Detect
The CCB recommends organizations scale up monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/en/cert/report-incident.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.