Home > Vulnerability Database > CVE-2024-34477

Mend.io Vulnerability Database

CVE-2024-34477

Date: May 27, 2024

configureNFS in lib/common/functions.sh in FOG through 1.5.10 allows local users to gain privileges by mounting a crafted NFS share (because of no_root_squash and insecure). In order to exploit the vulnerability, someone needs to mount an NFS share in order to add an executable file as root. In addition, the SUID bit must be added to this file.

Language: SHELL

Severity Score

7.8

Related Resources (5)

Url: https://github.com/FOGProject/fogproject/blob/a4bb1bf39ac53c3cbe623576915fbc3b5c80a00f/lib/common/functions.sh#L1360

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-34477

Url: https://blog.hackvens.fr/advisories/CVE-2024-34477-Fogproject.html

Url: https://forums.fogproject.org/topic/17486/fog-1-5-10-and-earlier-nfs-privilege-escalation-vulnerability

Url: https://www.mend.io/vulnerability-database/CVE-2024-34477

Severity Score

7.8

Weakness Type (CWE)

Execution with Unnecessary Privileges

CWE-250

CVSS v3.1

Base Score:	7.8
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-34477

Date: May 27, 2024

Language: SHELL

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?