CVE-2017-11741

HIGH

HashiCorp Vagrant VMware Fusion <4.0.24 - Privilege Escalation

Title source: llm

Description

HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.24 uses weak permissions for the sudo helper scripts, allows local users to execute arbitrary code with root privileges by overwriting one of the scripts.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Mark Wadham · bashlocalmacos

https://www.exploit-db.com/exploits/43224

View Code ZIP pw:eip

References (3)

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2017/Aug/0

[Exploit, Third Party Advisory] https://m4.rkw.io/blog/cve201711741-local-root-privesc-in-hashicorp-vagrantvmwarefusion--4023.html

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/43224/

Scores

CVSS v3 8.8

EPSS 0.0031

EPSS Percentile 54.3%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Details

CWE

CWE-276

Status published

Products (1)

hashicorp/vagrant_vmware_fusion < 4.0.23

Published Aug 08, 2017

Tracked Since Feb 18, 2026