CVE-2017-7642
HIGH
HashiCorp Vagrant VMware Fusion <4.0.21 - Privilege Escalation
Title source: llm
Description
The sudo helper in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.21 allows local users to gain root privileges by leveraging failure to verify the path to the encoded ruby script or scrub the PATH variable.
Exploits (1)
References (4)
Core 4
Core References
Exploit, Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2017/Jul/29
Release Notes, Third Party Advisory x_refsource_confirm
https://github.com/hashicorp/vagrant-plugin-changelog/blob/master/vagrant-vmware-changelog.md
Third Party Advisory, VDB Entry exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/42334/
Exploit, Third Party Advisory x_refsource_misc
https://m4.rkw.io/blog/cve20177642-local-root-privesc-in-hashicorp-vagrantvmwarefusion--4020.html
Scores
CVSS v3
7.8
EPSS
0.0039
EPSS Percentile
59.7%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-426
Status
published
Products (1)
hashicorp/vagrant_vmware_fusion
< 4.0.20
Published
Aug 02, 2017
Tracked Since
Feb 18, 2026