CVE-2024-47533

CRITICAL NUCLEI

Cobbler <3.2.3, <3.3.7 - Auth Bypass

Title source: llm

Description

Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authentication vulnerability starting in version 3.0.0 and prior to versions 3.2.3 and 3.3.7. `utils.get_shared_secret()` always returns `-1`, which allows anyone to connect to cobbler XML-RPC as user `''` password `-1` and make any changes. This gives anyone with network access to a cobbler server full control of the server. Versions 3.2.3 and 3.3.7 fix the issue.

Exploits (5)

nomisec WORKING POC 5 stars
by dollarboysushil · poc
https://github.com/dollarboysushil/CVE-2024-47533-Cobbler-XMLRPC-Authentication-Bypass-RCE-Exploit-POC
nomisec WORKING POC 3 stars
by baph00met · poc
https://github.com/baph00met/CVE-2024-47533
nomisec WORKING POC 1 stars
by zs1n · poc
https://github.com/zs1n/CVE-2024-47533
nomisec WORKING POC 1 stars
by okkotsu1 · poc
https://github.com/okkotsu1/CVE-2024-47533
nomisec WORKING POC 1 stars
by 00xCanelo · poc
https://github.com/00xCanelo/CVE-2024-47533-PoC

Nuclei Templates (1)

Cobbler 'XML-RPC' - Authentication Bypass
CRITICALVERIFIEDby songyaeji
Shodan: http.title:"Cobbler Web Interface"

References (3)

Scores

CVSS v3 9.8
EPSS 0.7247
EPSS Percentile 98.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-287
Status published
Products (3)
cobbler/cobbler >= 3.0.0, < 3.2.3
cobbler/cobbler >= 3.3.0, < 3.3.7
pypi/cobbler 3.3.0 - 3.3.7PyPI
Published Nov 18, 2024
Tracked Since Feb 18, 2026