CVE-2017-11741

8.8HIGH

Key Information:

Vendor
Hashicorp
Status
Vagrant Vmware Fusion
Vendor
CVE Published:
8 August 2017

Summary

HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.24 uses weak permissions for the sudo helper scripts, allows local users to execute arbitrary code with root privileges by overwriting one of the scripts.

References

http://seclists.org/fulldisclosure/2017/Aug/0
mailing-listx_refsource_FULLDISC
https://www.exploit-db.com/exploits/43224/
exploitx_refsource_EXPLOIT-DB
https://m4.rkw.io/blog/cve201711741-local-root-privesc-in...
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.