MAAS Unauthenticated Remote RPC Command Execution Vulnerability

Vulnerability

A vulnerability in MAAS (Metal as a Service) allows for unauthenticated remote execution of RPC commands on the region server. This issue arises from inadequate authentication verification, enabling a malicious client to bypass authentication checks and execute commands within a specific region. The vulnerability is present in all MAAS versions.

Impact

Exploitation of this vulnerability allows for unauthorized remote execution of commands on the MAAS region server, which could disrupt services or manipulate resources within the managed environment.

Reproduction

The vulnerability can be reproduced by establishing a TCP connection to the MAAS region server's RPC port (5251) using a Twisted AMP client. Once connected, the client can bypass authentication and send commands to the server, such as creating nodes or updating power states, which could lead to a denial-of-service condition or unauthorized manipulation of resources.

Remediation

This vulnerability has been fixed in MAAS versions 3.1.4 and 3.2.11. Users can upgrade to these versions to address the issue.
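
As an added example (not from the advisory or the MAAS project), the following Python script reviews connection records for clients that reached the region RPC port 5251 from outside an allowlist. The log format, the addresses, and the assumption that only known rack controllers should connect to this port are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

RPC_PORT = 5251  # region RPC port named in the advisory

# Constructed sample records (not real traffic). Assumed format:
# "<timestamp> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <state>"
SAMPLE_LOG = """\
2025-07-21T09:00:01Z 10.20.0.11:41822 -> 10.20.0.2:5251 ESTABLISHED
2025-07-21T09:00:04Z 10.20.0.12:51010 -> 10.20.0.2:5251 ESTABLISHED
2025-07-21T09:02:17Z 192.0.2.77:60312 -> 10.20.0.2:5251 ESTABLISHED
2025-07-21T09:02:19Z 192.0.2.77:60314 -> 10.20.0.2:5251 ESTABLISHED
2025-07-21T09:03:00Z 198.51.100.9:44100 -> 10.20.0.2:5240 ESTABLISHED
2025-07-21T09:03:30Z garbage line without fields
2025-07-21T09:04:00Z 10.20.0.250:39000 -> 10.20.0.2:5251 SYN_RECV
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>[0-9a-fA-F.:\[\]]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[0-9a-fA-F.:\[\]]+):(?P<dport>\d+)\s+(?P<state>\S+)$"
)

def unexpected_rpc_clients(log_text, allowed_cidrs, port=RPC_PORT):
    """Return ({source_ip: connection_count}, skipped_line_count) for
    sources that reached `port` and are not inside any allowed network."""
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    hits, skipped = Counter(), 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += 1          # count unparseable lines, never drop silently
            continue
        if int(m["dport"]) != port:
            continue              # other services are out of scope here
        try:
            src = ipaddress.ip_address(m["src"].strip("[]"))
        except ValueError:
            skipped += 1
            continue
        if not any(src.version == n.version and src in n for n in allowed):
            hits[str(src)] += 1
    return dict(hits), skipped

if __name__ == "__main__":
    # Hypothetical rack controller addresses for the sample data above.
    racks = ["10.20.0.11/32", "10.20.0.12/32"]
    found, skipped = unexpected_rpc_clients(SAMPLE_LOG, racks)
    for ip, count in sorted(found.items()):
        print(f"unexpected client {ip}: {count} connection(s) to port {RPC_PORT}")
    print(f"{skipped} line(s) could not be parsed")
```
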

Added: Jul 21, 2025, 9:18 AM
Updated: Jul 21, 2025, 9:18 AM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 1.9
exploitability: 9.1
remediation: 7.7
relevance: 0.3
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.