Cobbler 2.6.x XMLRPC Interface Remote Code Execution Vulnerability

Cobbler 2.6.x XMLRPC Interface Remote Code Execution Vulnerability

CVE-2018-10931 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler, upload files to arbitrary location in the context of the daemon.

Learn more about our Web Application Penetration Testing UK.