Insecure SUID Wrapper in HashiCorp Vagrant VMware Fusion Plugin
CVE-2017-12579

7.8HIGH

Key Information:

Vendor: Hashicorp
Status: Vagrant Vmware Fusion
Vendor: CVE Published:; 19 October 2017

What is CVE-2017-12579?

An insecure SUID wrapper binary present in the HashiCorp Vagrant VMware Fusion plugin version 4.0.24 and earlier allows non-root users to execute code with root privileges. This vulnerability can be exploited to gain unauthorized access to a root shell, potentially compromising the security of systems utilizing this plugin. It is crucial for users to upgrade to the latest version to mitigate the risks associated with this vulnerability.

References

https://m4.rkw.io/blog/cve201712579-local-root-privesc-in...

x_refsource_MISC

https://www.exploit-db.com/exploits/43223/

exploitx_refsource_EXPLOIT-DB

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 19, 2017
Vulnerability Reserved
Aug 5, 2017

Hashicorp

What is CVE-2017-12579?

References

CVSS V3.1

Timeline