An API-exposure flaw was found in cobbler, where it exported CobblerXMLRPCInterface private functions over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain important privileges within cobbler, as well as upload files to an arbitrary location in the daemon context.
Find out more about CVE-2018-10931 from the MITRE CVE dictionary dictionary and NIST NVD.
| CVSS3 Base Score | 9.8 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity Impact | High |
| Availability Impact | High |
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Satellite 5.7 (RHEL v.6) (cobbler) | RHSA-2018:2372 | 2018-08-09 |
| Red Hat Satellite 5.6 (RHEL v.6) (cobbler) | RHSA-2018:2372 | 2018-08-09 |
| Red Hat Satellite 5.8 (RHEL v.6) (cobbler) | RHSA-2018:2372 | 2018-08-09 |
If SELinux is enabled, it might prevent some locations from accepting uploaded files from the attacker. This prevents some basic attacks allowing remote code execution, although it would not exclude all other possibilities.
Vulmon