CVE-2024-34477

configureNFS in lib/common/functions.sh in FOG through 1.5.10 allows local users to gain privileges by mounting a crafted NFS share (because of no_root_squash and insecure). In order to exploit the vulnerability, someone needs to mount an NFS share in order to add an executable file as root. In addition, the SUID bit must be added to this file.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://blog.hackvens.fr/advisories/CVE-2024-34477-Fogproject.html
https://forums.fogproject.org/topic/17486/fog-1-5-10-and-earlier-nfs-privilege-escalation-vulnerability
https://github.com/FOGProject/fogproject/blob/a4bb1bf39ac53c3cbe623576915fbc3b5c80a00f/lib/common/functions.sh#L1360
https://blog.hackvens.fr/advisories/CVE-2024-34477-Fogproject.html
https://forums.fogproject.org/topic/17486/fog-1-5-10-and-earlier-nfs-privilege-escalation-vulnerability
https://github.com/FOGProject/fogproject/blob/a4bb1bf39ac53c3cbe623576915fbc3b5c80a00f/lib/common/functions.sh#L1360

Configurations

No configuration.

History

No history.

Information

Published : 2024-05-27 14:15

Updated : 2024-11-21 09:18

NVD link : CVE-2024-34477

Mitre link : CVE-2024-34477

CVE.ORG link : CVE-2024-34477

JSON object : View

Products Affected

No product.

CWE

CWE-250

Execution with Unnecessary Privileges

{"id": "CVE-2024-34477", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-05-27T14:15:09.470", "references": [{"url": "https://blog.hackvens.fr/advisories/CVE-2024-34477-Fogproject.html", "source": "cve@mitre.org"}, {"url": "https://forums.fogproject.org/topic/17486/fog-1-5-10-and-earlier-nfs-privilege-escalation-vulnerability", "source": "cve@mitre.org"}, {"url": "https://github.com/FOGProject/fogproject/blob/a4bb1bf39ac53c3cbe623576915fbc3b5c80a00f/lib/common/functions.sh#L1360", "source": "cve@mitre.org"}, {"url": "https://blog.hackvens.fr/advisories/CVE-2024-34477-Fogproject.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://forums.fogproject.org/topic/17486/fog-1-5-10-and-earlier-nfs-privilege-escalation-vulnerability", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/FOGProject/fogproject/blob/a4bb1bf39ac53c3cbe623576915fbc3b5c80a00f/lib/common/functions.sh#L1360", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-250"}]}], "descriptions": [{"lang": "en", "value": "configureNFS in lib/common/functions.sh in FOG through 1.5.10 allows local users to gain privileges by mounting a crafted NFS share (because of no_root_squash and insecure). In order to exploit the vulnerability, someone needs to mount an NFS share in order to add an executable file as root. In addition, the SUID bit must be added to this file."}, {"lang": "es", "value": "configureNFS en lib/common/functions.sh en FOG hasta 1.5.10 permite a los usuarios locales obtener privilegios al montar un recurso compartido NFS manipulado (debido a no_root_squash e inseguro). Para aprovechar la vulnerabilidad, alguien necesita montar un recurso compartido NFS para agregar un archivo ejecutable como root. Adem\u00e1s, se debe agregar el bit SUID a este archivo."}], "lastModified": "2024-11-21T09:18:46.743", "sourceIdentifier": "cve@mitre.org"}