CVE-2017-11741

HIGH

HashiCorp Vagrant VMware Fusion <4.0.24 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-11741. PoCs published by Mark Wadham.

AI-analyzed exploit summary: This exploit leverages a local privilege escalation vulnerability in HashiCorp's vagrant-vmware-fusion plugin (versions 4.0.22-4.0.23) by overwriting the sudo helper script with arbitrary code, which is then executed as root when a vagrant box is started.

Description

HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.24 uses weak permissions for the sudo helper scripts, which allows local users to execute arbitrary code with root privileges by overwriting one of the scripts.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Mark Wadham · bash · local · macos
https://www.exploit-db.com/exploits/43224


Classification: Working PoC 100%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: HashiCorp vagrant-vmware-fusion plugin versions 4.0.22-4.0.23
No auth needed
Prerequisites: Presence of a vmware_fusion box on the system · Vulnerable vagrant-vmware-fusion plugin installed
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2017/Aug/0
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/43224/

Scores

CVSS v3 8.8
EPSS 0.0111
EPSS Percentile 61.6%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Details

CWE CWE-276
Status published
Products (1)
hashicorp/vagrant_vmware_fusion < 4.0.23
Published Aug 08, 2017
Tracked Since Feb 18, 2026