CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-16512

The vagrant update process in Hashicorp vagrant-vmware-fusion 5.0.2 through 5.0.4 allows local users to steal root privileges via a crafted update request when no updates are available.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 7.6%

CVSS Severity

CVSS v3 Score 7.8

CVSS v2 Score 7.2

References

https://m4.rkw.io/blog/cve201716512-hashicorp-vagrantvmwarefusion-v502504-local-root.html
https://m4.rkw.io/blog/cve201716512-hashicorp-vagrantvmwarefusion-v502504-local-root.html

Products affected by CVE-2017-16512

Hashicorp » Vagrant Vmware Fusion » Version: 5.0.2

cpe:2.3:a:hashicorp:vagrant_vmware_fusion:5.0.2
Hashicorp » Vagrant Vmware Fusion » Version: 5.0.3

cpe:2.3:a:hashicorp:vagrant_vmware_fusion:5.0.3
Hashicorp » Vagrant Vmware Fusion » Version: 5.0.4

cpe:2.3:a:hashicorp:vagrant_vmware_fusion:5.0.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-16512

Products

Pricing

Contact Us