Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-16777 — Uncontrolled Search Path Element in Vagrant

CWE-427 — Uncontrolled Search Path Element3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 74.83%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Hashicorp Vagrant

Timeline

PublishedNov 16

Latest updateMay 13

Description

If HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.3 is installed but VMware Fusion is not, a local attacker can create a fake application directory and exploit the suid sudo helper in order to escalate to root.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

▶NVDhashicorp/vagrant5.0.3

🔴Vulnerability Details

GHSA

GHSA-fgv7-f23j-2rj6: If HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5↗2022-05-13

▶

💥Exploits & PoCs

Exploit-DB

Hashicorp vagrant-vmware-fusion 5.0.3 - Local Privilege Escalation↗2017-12-06

▶