Miggo Logo

CVE-2018-10931:
Cobbler has Exposed Dangerous Method or Function

9.8

CVSS Score
3.0

Basic Information

EPSS Score
0.98475%
Published
5/13/2022
Updated
2/8/2023
KEV Status
No
Technology
TechnologyPython

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
cobblerpip>= 2.6.0, < 3.0.03.0.0

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from CobblerXMLRPCInterface exposing all class methods over XMLRPC without proper authentication. The GitHub commit explicitly adds access checks to 'modify_setting', confirming it was previously unprotected. This function's ability to alter system settings (like security flags) made it a critical attack vector. While other methods in the class were likely also exposed, 'modify_setting' is specifically documented in the patch and vulnerability reports as a key entry point for privilege escalation.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

It w*s *oun* t**t *o**l*r *.*.x *xpos** *ll *un*tions *rom its *o**l*rXMLRP*Int*r**** *l*ss ov*r XMLRP*. * r*mot*, un*ut**nti**t** *tt**k*r *oul* us* t*is *l*w to **in *i** privil***s wit*in *o**l*r, uplo** *il*s to *r*itr*ry lo**tion in t** *ont*xt

Reasoning

T** vuln*r**ility st*ms *rom *o**l*rXMLRP*Int*r**** *xposin* *ll *l*ss m*t*o*s ov*r XMLRP* wit*out prop*r *ut**nti**tion. T** *it*u* *ommit *xpli*itly ***s ****ss ****ks to 'mo*i*y_s*ttin*', *on*irmin* it w*s pr*viously unprot**t**. T*is *un*tion's *