This vulnerability allows remote attackers to bypass authentication on affected installations of Progress Software WhatsUp Gold. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2024-7763.
Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that AsyncSSH
did not properly handle the extension info message. An attacker able to
intercept communications could possibly use this issue to downgrade
the algorithm used for client authentication. (CVE-2023-46445)
Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that AsyncSSH
did not properly handle the user authentication request message. An
attacker could possibly use this issue to control the remote end of an SSH
client session via packet injection/removal and shell emulation.
(CVE-2023-46446)
cobbler3.2-3.2.3-1.el8
Update to 3.2.3 – CVE-2024-47533
cobbler3.2-3.2.3-1.el9
Update to 3.2.3 – CVE-2024-47533
cobbler-3.3.7-1.el9
Update to 3.3.7 – CVE-2024-47533
cobbler-3.3.7-1.fc40
Update to 3.3.7 – CVE-2024-47533
cobbler-3.3.7-1.fc39
Update to 3.3.7 – CVE-2024-47533
cobbler-3.3.7-1.fc41
Update to 3.3.7 – CVE-2024-47533
