Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-16001Race Condition in Vagrant

CWE-362Race Condition3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 74.02%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Hashicorp Vagrant
Timeline
PublishedNov 6
Latest updateMay 13

Description

In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.1, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

1
GHSA
GHSA-cv7p-3h5m-xvwm: In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 52022-05-13

💥Exploits & PoCs

1
Exploit-DB
Hashicorp vagrant-vmware-fusion 5.0.1 - Local Privilege Escalation2017-12-06