CVE-2018-1000226

HIGH

Description

Cobbler contains an Incorrect Access Control vulnerability in the XMLRPC API (/cobbler_api) that can result in privilege escalation, data manipulation or exfiltration, and LDAP credential harvesting. The issue was verified as present in Cobbler versions 2.6.11+, but code inspection suggests that at least 2.0.0+, or possibly even older versions, may be vulnerable. The attack appears to be exploitable via network connectivity, by taking advantage of improper validation of security tokens in API endpoints. Please note this is a different issue than CVE-2018-10931.

References

https://github.com/cobbler/cobbler/issues/1916

https://movermeyer.com/2018-08-02-privilege-escalation-exploits-in-cobblers-api/

Details

Source: MITRE

Published: 2018-08-20

Updated: 2019-10-03

Type: CWE-732

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:cobblerd:cobbler:*:*:*:*:*:*:*:*

Tenable Plugins

ID | Name | Product | Family | Severity
145357 | openSUSE Security Update : cobbler (openSUSE-2021-46) | Nessus | SuSE Local Security Checks | critical
120290 | Fedora 29 : cobbler (2018-22c609e92a) | Nessus | Fedora Local Security Checks | high
120274 | Fedora 28 : cobbler (2018-1d2a79fe1c) | Nessus | Fedora Local Security Checks | high
112266 | openSUSE Security Update : cobbler (openSUSE-2018-952) | Nessus | SuSE Local Security Checks | high