Vulnerability Description
HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.24 uses weak permissions for the sudo helper scripts, allows local users to execute arbitrary code with root privileges by overwriting one of the scripts.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hashicorp | Vagrant Vmware Fusion | <= 4.0.23 |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2017/Aug/0Mailing ListThird Party Advisory
- https://m4.rkw.io/blog/cve201711741-local-root-privesc-in-hashicorp-vagrantvmwarExploitThird Party Advisory
- https://www.exploit-db.com/exploits/43224/
- http://seclists.org/fulldisclosure/2017/Aug/0Mailing ListThird Party Advisory
- https://m4.rkw.io/blog/cve201711741-local-root-privesc-in-hashicorp-vagrantvmwarExploitThird Party Advisory
- https://www.exploit-db.com/exploits/43224/
FAQ
What is CVE-2017-11741?
CVE-2017-11741 is a vulnerability with a CVSS score of 8.8 (HIGH). HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.24 uses weak permissions for the sudo helper scripts, allows local users to execute arbitrary code with root privileges by...
How severe is CVE-2017-11741?
CVE-2017-11741 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-11741?
Check the references section above for vendor advisories and patch information. Affected products include: Hashicorp Vagrant Vmware Fusion.