Hashicorp Vagrant Vmware Fusion vulnerabilities
7 known vulnerabilities affecting hashicorp/vagrant_vmware_fusion.
Total CVEs
7
CISA KEV
0
Public exploits
4
Exploited in wild
0
Severity breakdown
HIGH7
Vulnerabilities
Page 1 of 1
CVE-2017-11741P3HIGHCVSS 8.8PoC≤ 4.0.232017-08-08
CVE-2017-11741 [HIGH] CWE-276 CVE-2017-11741: HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.24 uses weak permissio
HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.24 uses weak permissions for the sudo helper scripts, allows local users to execute arbitrary code with root privileges by overwriting one of the scripts.
nvd
CVE-2017-12579P3HIGHCVSS 7.8PoC≤ 4.0.242017-10-19
CVE-2017-12579 [HIGH] CWE-427 CVE-2017-12579: An insecure suid wrapper binary in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fu
An insecure suid wrapper binary in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 4.0.24 and earlier allows a non-root user to obtain a root shell.
nvd
CVE-2017-7642P3HIGHCVSS 7.8PoC≤ 4.0.202017-08-02
CVE-2017-7642 [HIGH] CWE-426 CVE-2017-7642: The sudo helper in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0
The sudo helper in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.21 allows local users to gain root privileges by leveraging failure to verify the path to the encoded ruby script or scrub the PATH variable.
nvd
CVE-2017-15884P3HIGHCVSS 7.0PoCv5.0.02017-10-31
CVE-2017-15884 [HIGH] CWE-362 CVE-2017-15884: In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.0, a local attacker or mal
In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.0, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges.
nvd
CVE-2017-16512P3HIGHCVSS 7.8≥ 5.0.2, ≤ 5.0.42018-03-29
CVE-2017-16512 [HIGH] CWE-362 CVE-2017-16512: The vagrant update process in Hashicorp vagrant-vmware-fusion 5.0.2 through 5.0.4 allows local users
The vagrant update process in Hashicorp vagrant-vmware-fusion 5.0.2 through 5.0.4 allows local users to steal root privileges via a crafted update request when no updates are available.
nvd
CVE-2017-16873P3HIGHCVSS 7.8≥ 4.0.25, ≤ 5.0.42018-03-29
CVE-2017-16873 [HIGH] CVE-2017-16873: It is possible to exploit an unsanitized PATH in the suid binary that ships with vagrant-vmware-fusi
It is possible to exploit an unsanitized PATH in the suid binary that ships with vagrant-vmware-fusion 4.0.25 through 5.0.4 in order to escalate to root privileges.
nvd
CVE-2017-16839P4HIGHCVSS 7.0v5.0.42018-03-29
CVE-2017-16839 [HIGH] CVE-2017-16839: Hashicorp vagrant-vmware-fusion 5.0.4 allows local users to steal root privileges if VMware Fusion i
Hashicorp vagrant-vmware-fusion 5.0.4 allows local users to steal root privileges if VMware Fusion is not installed.
nvd