Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 19/10/2017 Updated: 03/10/2019

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 725

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

An insecure suid wrapper binary in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 4.0.24 and previous versions allows a non-root user to obtain a root shell.

Vulnerable Product	Search on Vulmon	Subscribe to Product
hashicorp vagrant vmware fusion

# I have previously disclosed a couple of bugs in Hashicorp's vagrant-vmware-fusion plugin for vagrant # Unfortunately the 4023 release which was supposed to fix the previous bug I reported didn't address the issue, so Hashicorp quickly put out another release # - 4024 - after that (but didn't update the public changelog on github) # Unfort ...

CWE-427 https://m4.rkw.io/blog/cve201712579-local-root-privesc-in-hashicorp-vagrantvmwarefusion-4024.html https://www.exploit-db.com/exploits/43223/https://nvd.nist.gov https://www.exploit-db.com/exploits/43223/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2017-12579

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect