CVE-2024-34477

Name: CVE-2024-34477
Creator: NVD / NIST
Published: 2024-05-27T14:15:09.47+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.8/10EPSS 0.27%

Last modified Jun 17, 2026

CVE-2024-34477 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. configureNFS in lib/common/functions.sh in FOG through 1.5.10 allows local users to gain privileges by mounting a crafted NFS share (because of no_root_squash and insecure). In order to exploit the vulnerability, someone needs to mount an NFS share in order to add an executable file as root. EPSS estimates a 0.27% chance of exploitation in the next 30 days.

Description

configureNFS in lib/common/functions.sh in FOG through 1.5.10 allows local users to gain privileges by mounting a crafted NFS share (because of no_root_squash and insecure). In order to exploit the vulnerability, someone needs to mount an NFS share in order to add an executable file as root. In addition, the SUID bit must be added to this file.

Metrics

CVSS 3.1

7.8/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

0.27%

18.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-250

Affected Software

Vendor	Product	Versions
Fogproject	Fogproject	< 1.5.10.41

References

https://blog.hackvens.fr/advisories/CVE-2024-34477-Fogproject.htmlExploit, Third Party Advisory
https://forums.fogproject.org/topic/17486/fog-1-5-10-and-earlier-nfs-privilege-escalation-vulnerabilityExploit, Vendor Advisory
https://github.com/FOGProject/fogproject/blob/a4bb1bf39ac53c3cbe623576915fbc3b5c80a00f/lib/common/functions.sh#L1360Product
https://blog.hackvens.fr/advisories/CVE-2024-34477-Fogproject.htmlExploit, Third Party Advisory
https://forums.fogproject.org/topic/17486/fog-1-5-10-and-earlier-nfs-privilege-escalation-vulnerabilityExploit, Vendor Advisory
https://github.com/FOGProject/fogproject/blob/a4bb1bf39ac53c3cbe623576915fbc3b5c80a00f/lib/common/functions.sh#L1360Product

Timeline

Published: May 27, 2024
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2024-34477?

How severe is CVE-2024-34477?

CVE-2024-34477 has a CVSS score of 7.8/10 (HIGH severity). The EPSS model estimates a 0.27% probability of exploitation in the next 30 days.

How do I fix CVE-2024-34477?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2024-34477?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST