Vulnerability CVE-2018-1000226

Vulnerability Name:

CVE-2018-1000226 (CCN-148751)

Assigned:

2018-08-02

Published:

2018-08-02

Updated:

2019-10-03

Summary:

Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Incorrect Access Control vulnerability in XMLRPC API (/cobbler_api) that can result in Privilege escalation, data manipulation or exfiltration, LDAP credential harvesting. This attack appear to be exploitable via "network connectivity". Taking advantage of improper validation of security tokens in API endpoints. Please note this is a different issue than CVE-2018-10931.

CVSS v3 Severity:

9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.6 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:R)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

8.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
7.7 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:R)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-732

Vulnerability Consequences:

Gain Privileges

References:

Source: MITRE
Type: CNA
CVE-2018-1000226

Source: XF
Type: UNKNOWN
cobbler-cve20181000226-priv-esc(148751)

Source: CCN
Type: cobbler GIT Repository
Many XMLRPC API endpoints are not correctly validating security tokens [CVE-2018-1000226] #1916

Source: CONFIRM
Type: Issue Tracking, Vendor Advisory
https://github.com/cobbler/cobbler/issues/1916

Source: MISC
Type: Third Party Advisory
https://movermeyer.com/2018-08-02-privilege-escalation-exploits-in-cobblers-api/

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2018-1000226

Vulnerable Configuration:

Configuration 1:

cpe:/a:cobblerd:cobbler:*:*:*:*:*:*:*:* (Version >= 2.0.0

Configuration CCN 1:

cpe:/a:cobbler_project:cobbler:2.6.11:*:*:*:*:*:*:*

OR cpe:/a:michael_dehaan:cobbler:2.0.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20181000226	V	CVE-2018-1000226	2022-06-30
oval:org.opensuse.security:def:112087	P	cobbler-3.2.1.336+git.5639a3af-1.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:59841	P	Security update for mariadb (Moderate)	2021-12-30
oval:org.opensuse.security:def:60434	P	Security update for bcm43xx-firmware (Important)	2021-12-13
oval:org.opensuse.security:def:105629	P	cobbler-3.2.1.336+git.5639a3af-1.1 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:59541	P	Security update for gtk-vnc (Moderate)	2021-09-16
oval:org.opensuse.security:def:60352	P	Security update for file (Important)	2021-09-02
oval:org.opensuse.security:def:60256	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:58929	P	Security update for opensc (Moderate)	2021-03-31
oval:org.opensuse.security:def:58930	P	Security update for MozillaFirefox (Important)	2021-03-31
oval:org.opensuse.security:def:60472	P	Security update for the Linux Kernel (Important)	2021-03-09
oval:org.opensuse.security:def:96468	P	Security update for cobbler (Moderate)	2021-01-14
oval:org.opensuse.security:def:109815	P	Security update for cobbler (Moderate)	2021-01-14
oval:org.opensuse.security:def:103158	P	Security update for cobbler (Moderate)	2021-01-14
oval:org.opensuse.security:def:11200	P	Security update for cobbler (Moderate)	2021-01-14
oval:org.opensuse.security:def:111282	P	Security update for cobbler (Moderate)	2021-01-11
oval:org.opensuse.security:def:59108	P	Security update for the Linux Kernel (Live Patch 29 for SLE 12 SP2) (Important)	2020-12-01
oval:org.opensuse.security:def:60511	P	pigz on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:59360	P	Security update for mariadb (Moderate)	2020-12-01
oval:org.opensuse.security:def:60589	P	Security update for cobbler (Important)	2020-12-01
oval:org.opensuse.security:def:60140	P	Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP2) (Important)	2020-12-01
oval:org.opensuse.security:def:58952	P	Security update for graphite2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:60561	P	update-alternatives on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:59656	P	Security update for libX11 (Important)	2020-12-01
oval:org.opensuse.security:def:83855	P	Security update for cobbler (Important)	2018-08-30
oval:com.ubuntu.trusty:def:20181000226000	V	CVE-2018-1000226 on Ubuntu 14.04 LTS (trusty) - medium.	2018-08-20
oval:com.ubuntu.xenial:def:20181000226000	V	CVE-2018-1000226 on Ubuntu 16.04 LTS (xenial) - medium.	2018-08-20
oval:com.ubuntu.xenial:def:201810002260000000	V	CVE-2018-1000226 on Ubuntu 16.04 LTS (xenial) - medium.	2018-08-20

BACK