CVE-2008-6954 [Critical] | Security Vulnerability in Cobbler

CVE-2008-6954 is rated Moderate Risk (64.4/100): CVSS Critical severity, with medium exploitation likelihood (EPSS 2.15%). Review affected assets and schedule remediation.

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-06-15	1.64%	2.15%	+0.51%
2	2026-01-01	1.84%	1.64%	-0.20%
3	2025-03-30	—	1.84%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2026-06-15

1.64%

2.15%

+0.51%

2026-01-01

1.84%

1.64%

-0.20%

2025-03-30

—

1.84%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
9.0	2.0	HIGH	`AV:N/AC:L/Au:S/C:C/I:C/A:C` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:L) Exploitation conditions are straightforward and predictable. Authentication (AU:S) A single authentication is required. Confidentiality impact (C:C) Complete confidentiality impact. Integrity impact (I:C) Complete integrity impact. Availability impact (A:C) Complete availability impact.	8.0	10.0	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

9.0

2.0

HIGH

AV:N/AC:L/Au:S/C:C/I:C/A:C Click to expand

Access vector (AV:N): Can be exploited remotely over network reachability.
Access complexity (AC:L): Exploitation conditions are straightforward and predictable.
Authentication (AU:S): A single authentication is required.
Confidentiality impact (C:C): Complete confidentiality impact.
Integrity impact (I:C): Complete integrity impact.
Availability impact (A:C): Complete availability impact.

8.0

10.0

[email protected]

Affected software / configurations for CVE-2008-6954

Vendor	Product	Version	Raw CPE
michael_dehaan	cobbler	<= 1.2.8	cpe:2.3:a:michael_dehaan:cobbler::::::::
michael_dehaan	cobbler	0.1.1.7	cpe:2.3:a:michael_dehaan:cobbler:0.1.1.7:::::::*
michael_dehaan	cobbler	0.2.1	cpe:2.3:a:michael_dehaan:cobbler:0.2.1:::::::*
michael_dehaan	cobbler	0.2.2	cpe:2.3:a:michael_dehaan:cobbler:0.2.2:::::::*
michael_dehaan	cobbler	0.2.3	cpe:2.3:a:michael_dehaan:cobbler:0.2.3:::::::*
michael_dehaan	cobbler	0.2.5	cpe:2.3:a:michael_dehaan:cobbler:0.2.5:::::::*
michael_dehaan	cobbler	0.2.7	cpe:2.3:a:michael_dehaan:cobbler:0.2.7:::::::*
michael_dehaan	cobbler	0.2.8	cpe:2.3:a:michael_dehaan:cobbler:0.2.8:::::::*
michael_dehaan	cobbler	0.2.9	cpe:2.3:a:michael_dehaan:cobbler:0.2.9:::::::*
michael_dehaan	cobbler	0.3.0	cpe:2.3:a:michael_dehaan:cobbler:0.3.0:::::::*
michael_dehaan	cobbler	0.3.1	cpe:2.3:a:michael_dehaan:cobbler:0.3.1:::::::*
michael_dehaan	cobbler	0.3.3	cpe:2.3:a:michael_dehaan:cobbler:0.3.3:::::::*
michael_dehaan	cobbler	0.3.4	cpe:2.3:a:michael_dehaan:cobbler:0.3.4:::::::*
michael_dehaan	cobbler	0.3.5	cpe:2.3:a:michael_dehaan:cobbler:0.3.5:::::::*
michael_dehaan	cobbler	0.3.6	cpe:2.3:a:michael_dehaan:cobbler:0.3.6:::::::*
michael_dehaan	cobbler	0.3.7	cpe:2.3:a:michael_dehaan:cobbler:0.3.7:::::::*
michael_dehaan	cobbler	0.3.9	cpe:2.3:a:michael_dehaan:cobbler:0.3.9:::::::*
michael_dehaan	cobbler	0.4.0	cpe:2.3:a:michael_dehaan:cobbler:0.4.0:::::::*
michael_dehaan	cobbler	0.4.2	cpe:2.3:a:michael_dehaan:cobbler:0.4.2:::::::*
michael_dehaan	cobbler	0.4.3	cpe:2.3:a:michael_dehaan:cobbler:0.4.3:::::::*
michael_dehaan	cobbler	0.4.5	cpe:2.3:a:michael_dehaan:cobbler:0.4.5:::::::*
michael_dehaan	cobbler	0.4.6	cpe:2.3:a:michael_dehaan:cobbler:0.4.6:::::::*
michael_dehaan	cobbler	0.4.7	cpe:2.3:a:michael_dehaan:cobbler:0.4.7:::::::*
michael_dehaan	cobbler	0.4.8	cpe:2.3:a:michael_dehaan:cobbler:0.4.8:::::::*
michael_dehaan	cobbler	0.5.0	cpe:2.3:a:michael_dehaan:cobbler:0.5.0:::::::*
michael_dehaan	cobbler	0.6.0	cpe:2.3:a:michael_dehaan:cobbler:0.6.0:::::::*
michael_dehaan	cobbler	0.6.1	cpe:2.3:a:michael_dehaan:cobbler:0.6.1:::::::*
michael_dehaan	cobbler	0.6.3	cpe:2.3:a:michael_dehaan:cobbler:0.6.3:::::::*
michael_dehaan	cobbler	0.6.4	cpe:2.3:a:michael_dehaan:cobbler:0.6.4:::::::*
michael_dehaan	cobbler	0.6.5	cpe:2.3:a:michael_dehaan:cobbler:0.6.5:::::::*
michael_dehaan	cobbler	0.8.1	cpe:2.3:a:michael_dehaan:cobbler:0.8.1:::::::*
michael_dehaan	cobbler	0.8.3	cpe:2.3:a:michael_dehaan:cobbler:0.8.3:::::::*
michael_dehaan	cobbler	1.0.0	cpe:2.3:a:michael_dehaan:cobbler:1.0.0:::::::*
michael_dehaan	cobbler	1.0.2	cpe:2.3:a:michael_dehaan:cobbler:1.0.2:::::::*
michael_dehaan	cobbler	1.0.2-1	cpe:2.3:a:michael_dehaan:cobbler:1.0.2-1:::::::*
michael_dehaan	cobbler	1.0.3-1	cpe:2.3:a:michael_dehaan:cobbler:1.0.3-1:::::::*
michael_dehaan	cobbler	1.2.0	cpe:2.3:a:michael_dehaan:cobbler:1.2.0:::::::*
michael_dehaan	cobbler	1.2.2	cpe:2.3:a:michael_dehaan:cobbler:1.2.2:::::::*
michael_dehaan	cobbler	1.2.3	cpe:2.3:a:michael_dehaan:cobbler:1.2.3:::::::*
michael_dehaan	cobbler	1.2.5	cpe:2.3:a:michael_dehaan:cobbler:1.2.5:::::::*
michael_dehaan	cobbler	1.2.6	cpe:2.3:a:michael_dehaan:cobbler:1.2.6:::::::*
michael_dehaan	cobbler	1.2.7	cpe:2.3:a:michael_dehaan:cobbler:1.2.7:::::::*

References for CVE-2008-6954

URL	Tags
http://freshmeat.net/projects/cobbler/releases/288374	Patch
http://osvdb.org/50291
http://secunia.com/advisories/32737	Vendor Advisory
http://secunia.com/advisories/32804	Vendor Advisory
http://www.securityfocus.com/bid/32317	Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/46625
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00462.html
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00485.html

URL

CVE-2008-6954

Exploit prediction scoring system (EPSS) score for CVE-2008-6954

Common vulnerability scoring system (CVSS) metrics for CVE-2008-6954

Weakness enumeration for CVE-2008-6954

GitHub Security Advisory for CVE-2008-6954

Affected software / configurations for CVE-2008-6954

References for CVE-2008-6954