7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
5.1%
DISPUTED DOSBox 0.72 and earlier allows local users to obtain access
to the filesystem on the host operating system via the mount command.
NOTE: the researcher reports a vendor response stating that this is not a
security problem.
Author | Note |
---|---|
jdstrand | dosbox is not intended to be used as a security sandbox, and the mount command (and others) function as designed |
mdeslaur | disputed, let’s ignore this |