CVE-2017-16777

HIGH

HashiCorp Vagrant VMware Fusion <5.0.3 - Privilege Escalation

Title source: llm

Description

If HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.3 is installed but VMware Fusion is not, a local attacker can create a fake application directory and exploit the suid sudo helper in order to escalate to root.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Mark Wadham · bashlocalmacos

https://www.exploit-db.com/exploits/43219

View Code ZIP pw:eip

References (2)

[Exploit, Issue Tracking, Third Party Advisory] https://m4.rkw.io/blog/cve201716777-local-root-privesc-in-hashicorp-vagrantvmwarefusion-503.html

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/43219/

Scores

CVSS v3 7.8

EPSS 0.0009

EPSS Percentile 25.2%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427

Status draft

Affected Products (1)

hashicorp/vagrant

Timeline

Published Nov 16, 2017

Tracked Since Feb 18, 2026