Local Privilege Escalation in HashiCorp Vagrant VMware Fusion Plugin
CVE-2017-15884

7HIGH

Key Information:

Vendor: Hashicorp
Status: Vagrant Vmware Fusion
Vendor: CVE Published:; 31 October 2017

Summary

The HashiCorp Vagrant VMware Fusion plugin version 5.0.0 is susceptible to a local privilege escalation vulnerability. This issue permits an attacker or malicious software to manipulate the update process of the plugin, enabling them to gain root privileges on the affected system. Given its nature, this vulnerability poses a significant risk as it can lead to unauthorized access and control over the host environment.

References

https://m4.rkw.io/blog/cve201715884-local-root-privesc-in...

x_refsource_MISC

https://www.exploit-db.com/exploits/43222/

exploitx_refsource_EXPLOIT-DB

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 31, 2017
Vulnerability Reserved
Oct 25, 2017