CVE-2017-16777

HIGH

HashiCorp Vagrant VMware Fusion <5.0.3 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-16777. PoCs published by Mark Wadham.

AI-analyzed exploit summary This exploit leverages a privilege escalation vulnerability in the Vagrant VMware Fusion plugin (5.0.3) by creating a fake VMware Fusion.app directory with a malicious vmnet-cli script. When executed, it sets the SUID bit on a payload binary, granting root access.

Description

If HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.3 is installed but VMware Fusion is not, a local attacker can create a fake application directory and exploit the suid sudo helper in order to escalate to root.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Mark Wadham · bashlocalmacos
https://www.exploit-db.com/exploits/43219

This exploit leverages a privilege escalation vulnerability in the Vagrant VMware Fusion plugin (5.0.3) by creating a fake VMware Fusion.app directory with a malicious vmnet-cli script. When executed, it sets the SUID bit on a payload binary, granting root access.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Vagrant VMware Fusion plugin 5.0.3
Auth required
Prerequisites: Local admin access · Vagrant VMware Fusion plugin 5.0.3 installed · VMware Fusion not installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://m4.rkw.io/blog/cve201716777-local-root-privesc-in-hashicorp-vagrantvmwarefusion-503.html
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/43219/

Scores

CVSS v3 7.8
EPSS 0.0098
EPSS Percentile 57.7%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-427
Status published
Products (1)
hashicorp/vagrant 5.0.3
Published Nov 16, 2017
Tracked Since Feb 18, 2026