Cobbler xmlrpc API power_system Method Remote Shell Command Execution
Severity: Medium. Nessus Plugin ID: 59402
The remote service is affected by a command injection vulnerability.
According to its self-reported version, the Cobbler install on the remote host is affected by a command injection vulnerability that can be exploited by sending a specially crafted username or password argument to the 'power_system' method. Successful exploitation requires an authenticated user and access to the XML-RPC API.
Upgrade to the latest development version of Cobbler or apply the fixes manually.