Vulnerabilities > CVE-2017-16873 - Unspecified vulnerability in Hashicorp Vagrant VMWare Fusion

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

hashicorp

NVD

Published: 2018-03-29

Updated: 2019-10-03

Summary

It is possible to exploit an unsanitized PATH in the suid binary that ships with vagrant-vmware-fusion 4.0.25 through 5.0.4 in order to escalate to root privileges.

Vulnerable Configurations

Part	Description	Count
Application	Hashicorp Hashicorp Vagrant Vmware Fusion 4.0.25 Hashicorp Vagrant Vmware Fusion 5.0.0 Hashicorp Vagrant Vmware Fusion 5.0.1 Hashicorp Vagrant Vmware Fusion 5.0.2 Hashicorp Vagrant Vmware Fusion 5.0.3 Hashicorp Vagrant Vmware Fusion 5.0.4	6

References

https://m4.rkw.io/blog/cve201716873-hashicorp-vagrantvmwarefusion-v4025504-local-root.html