CVE-2017-7642

HIGH

HashiCorp Vagrant VMware Fusion <4.0.21 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-7642. PoCs published by Mark Wadham.

AI-analyzed exploit summary This exploit leverages a local privilege escalation vulnerability in the Hashicorp Vagrant VMware Fusion plugin. The suid-root binary executes a Ruby script without validating the PATH, allowing an attacker to hijack the execution flow and gain root access.

Description

The sudo helper in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.21 allows local users to gain root privileges by leveraging failure to verify the path to the encoded ruby script or scrub the PATH variable.

Exploits (1)

exploitdb WORKING POC

by Mark Wadham · textlocalmacos

https://www.exploit-db.com/exploits/42334

View Code ZIP pw:eip

This exploit leverages a local privilege escalation vulnerability in the Hashicorp Vagrant VMware Fusion plugin. The suid-root binary executes a Ruby script without validating the PATH, allowing an attacker to hijack the execution flow and gain root access.

Classification

Working Poc 100%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: Hashicorp Vagrant VMware Fusion plugin 4.0.18

No auth needed

Prerequisites: Vagrant VMware Fusion plugin installed · SUID binary present in ~/.vagrant.d/gems/

MITRE ATT&CK

T1548.001 - Setuid and Setgid

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2017/Jul/29

Release Notes, Third Party Advisory x_refsource_confirm

https://github.com/hashicorp/vagrant-plugin-changelog/blob/master/vagrant-vmware-changelog.md

View Writeup ZIP pw:eip

Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/42334/

Exploit, Third Party Advisory x_refsource_misc

https://m4.rkw.io/blog/cve20177642-local-root-privesc-in-hashicorp-vagrantvmwarefusion--4020.html

Scores

CVSS v3 7.8

EPSS 0.0123

EPSS Percentile 65.0%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-426

Status published

Products (1)

hashicorp/vagrant_vmware_fusion < 4.0.20

Published Aug 02, 2017

Tracked Since Feb 18, 2026