CVE-2024-34477 - Vulnerability Details - OpenCVE

configureNFS in lib/common/functions.sh in FOG through 1.5.10 allows local users to gain privileges by mounting a crafted NFS share (because of no_root_squash and insecure). In order to exploit the vulnerability, someone needs to mount an NFS share in order to add an executable file as root. In addition, the SUID bit must be added to this file.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00101.

Exploitation poc

Automatable no

Technical Impact total

Vendors	Products
Fogproject	Fogproject

Configuration 1 [-]

cpe:2.3:a:fogproject:fogproject:*:*:*:*:*:*:*:*

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://blog.hackvens.fr/advisories/CVE-2024-34477-Fogproject.html
https://forums.fogproject.org/topic/17486/fog-1-5-10-and-earlier-nfs-privilege-escalation-vulnerability
https://github.com/FOGProject/fogproject/blob/a4bb1bf39ac53c3cbe623576915fbc3b5c80a00f/lib/common/functions.sh#L1360

History

Sun, 13 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00077}`	epss `{'score': 0.00101}`

Thu, 13 Feb 2025 16:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Fogproject Fogproject fogproject
CPEs		cpe:2.3:a:fogproject:fogproject::::::::
Vendors & Products		Fogproject Fogproject fogproject
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Mon, 26 Aug 2024 16:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-250
Metrics		cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-05-27T14:00:07.313Z

Updated: 2025-02-13T15:53:26.010Z

Reserved: 2024-05-04T00:00:00.000Z

Link: CVE-2024-34477

Vulnrichment

Updated: 2024-08-02T02:51:11.531Z

NVD

Status : Analyzed

Published: 2024-05-27T14:15:09.470

Modified: 2025-09-26T23:59:59.060

Link: CVE-2024-34477

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-34477", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-02-13T15:53:26.010Z", "datePublished": "2024-05-27T14:00:07.313Z", "dateReserved": "2024-05-04T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-06-07T13:43:49.503Z"}, "descriptions": [{"lang": "en", "value": "configureNFS in lib/common/functions.sh in FOG through 1.5.10 allows local users to gain privileges by mounting a crafted NFS share (because of no_root_squash and insecure). In order to exploit the vulnerability, someone needs to mount an NFS share in order to add an executable file as root. In addition, the SUID bit must be added to this file."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/FOGProject/fogproject/blob/a4bb1bf39ac53c3cbe623576915fbc3b5c80a00f/lib/common/functions.sh#L1360"}, {"url": "https://forums.fogproject.org/topic/17486/fog-1-5-10-and-earlier-nfs-privilege-escalation-vulnerability"}, {"url": "https://blog.hackvens.fr/advisories/CVE-2024-34477-Fogproject.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:51:11.531Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/FOGProject/fogproject/blob/a4bb1bf39ac53c3cbe623576915fbc3b5c80a00f/lib/common/functions.sh#L1360", "tags": ["x_transferred"]}, {"url": "https://forums.fogproject.org/topic/17486/fog-1-5-10-and-earlier-nfs-privilege-escalation-vulnerability", "tags": ["x_transferred"]}, {"url": "https://blog.hackvens.fr/advisories/CVE-2024-34477-Fogproject.html", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-250", "lang": "en", "description": "CWE-250 Execution with Unnecessary Privileges"}]}], "affected": [{"vendor": "fogproject", "product": "fogproject", "cpes": ["cpe:2.3:a:fogproject:fogproject:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.5.10", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-08-26T14:32:55.294855Z", "id": "CVE-2024-34477", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-26T14:35:59.830Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/FOGProject/fogproject/blob/a4bb1bf39ac53c3cbe623576915fbc3b5c80a00f/lib/common/functions.sh#L1360", "tags": ["x_transferred"]}, {"url": "https://forums.fogproject.org/topic/17486/fog-1-5-10-and-earlier-nfs-privilege-escalation-vulnerability", "tags": ["x_transferred"]}, {"url": "https://blog.hackvens.fr/advisories/CVE-2024-34477-Fogproject.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:51:11.531Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-34477", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-26T14:32:55.294855Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:fogproject:fogproject:*:*:*:*:*:*:*:*"], "vendor": "fogproject", "product": "fogproject", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.5.10"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-250", "description": "CWE-250 Execution with Unnecessary Privileges"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-26T14:34:21.173Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/FOGProject/fogproject/blob/a4bb1bf39ac53c3cbe623576915fbc3b5c80a00f/lib/common/functions.sh#L1360"}, {"url": "https://forums.fogproject.org/topic/17486/fog-1-5-10-and-earlier-nfs-privilege-escalation-vulnerability"}, {"url": "https://blog.hackvens.fr/advisories/CVE-2024-34477-Fogproject.html"}], "descriptions": [{"lang": "en", "value": "configureNFS in lib/common/functions.sh in FOG through 1.5.10 allows local users to gain privileges by mounting a crafted NFS share (because of no_root_squash and insecure). In order to exploit the vulnerability, someone needs to mount an NFS share in order to add an executable file as root. In addition, the SUID bit must be added to this file."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-06-07T13:43:49.503Z"}}}, "cveMetadata": {"cveId": "CVE-2024-34477", "state": "PUBLISHED", "dateUpdated": "2025-02-13T15:53:26.010Z", "dateReserved": "2024-05-04T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-05-27T14:00:07.313Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fogproject:fogproject:*:*:*:*:*:*:*:*", "matchCriteriaId": "1458A2E8-FA89-4C89-B7B7-C0780D95E000", "versionEndExcluding": "1.5.10.41", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "configureNFS in lib/common/functions.sh in FOG through 1.5.10 allows local users to gain privileges by mounting a crafted NFS share (because of no_root_squash and insecure). In order to exploit the vulnerability, someone needs to mount an NFS share in order to add an executable file as root. In addition, the SUID bit must be added to this file."}, {"lang": "es", "value": "configureNFS en lib/common/functions.sh en FOG hasta 1.5.10 permite a los usuarios locales obtener privilegios al montar un recurso compartido NFS manipulado (debido a no_root_squash e inseguro). Para aprovechar la vulnerabilidad, alguien necesita montar un recurso compartido NFS para agregar un archivo ejecutable como root. Adem\u00e1s, se debe agregar el bit SUID a este archivo."}], "id": "CVE-2024-34477", "lastModified": "2025-09-26T23:59:59.060", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-05-27T14:15:09.470", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://blog.hackvens.fr/advisories/CVE-2024-34477-Fogproject.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory", "Exploit"], "url": "https://forums.fogproject.org/topic/17486/fog-1-5-10-and-earlier-nfs-privilege-escalation-vulnerability"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://github.com/FOGProject/fogproject/blob/a4bb1bf39ac53c3cbe623576915fbc3b5c80a00f/lib/common/functions.sh#L1360"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://blog.hackvens.fr/advisories/CVE-2024-34477-Fogproject.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory", "Exploit"], "url": "https://forums.fogproject.org/topic/17486/fog-1-5-10-and-earlier-nfs-privilege-escalation-vulnerability"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://github.com/FOGProject/fogproject/blob/a4bb1bf39ac53c3cbe623576915fbc3b5c80a00f/lib/common/functions.sh#L1360"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-250"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}