Vulnerabilities > CVE-2017-16873 - Unspecified vulnerability in Hashicorp Vagrant VMWare Fusion

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

hashicorp

NVD

Published: 2018-03-29

Updated: 2024-11-21

Summary

It is possible to exploit an unsanitized PATH in the suid binary that ships with vagrant-vmware-fusion 4.0.25 through 5.0.4 in order to escalate to root privileges.

Vulnerable Configurations

Part	Description	Count
Application	Hashicorp Hashicorp Vagrant Vmware Fusion 4.0.25 Hashicorp Vagrant Vmware Fusion 5.0.0 Hashicorp Vagrant Vmware Fusion 5.0.1 Hashicorp Vagrant Vmware Fusion 5.0.2 Hashicorp Vagrant Vmware Fusion 5.0.3 Hashicorp Vagrant Vmware Fusion 5.0.4	6

References

https://m4.rkw.io/blog/cve201716873-hashicorp-vagrantvmwarefusion-v4025504-local-root.html
https://m4.rkw.io/blog/cve201716873-hashicorp-vagrantvmwarefusion-v4025504-local-root.html