Hashicorp: >> Vagrant Vmware Fusion Security Vulnerabilities
The vagrant update process in Hashicorp vagrant-vmware-fusion 5.0.2 through 5.0.4 allows local users to steal root privileges via a crafted update request when no updates are available.
CVSS Score
7.8
EPSS Score
0.0
Published
2018-03-29
Hashicorp vagrant-vmware-fusion 5.0.4 allows local users to steal root privileges if VMware Fusion is not installed.
CVSS Score
7.0
EPSS Score
0.0
Published
2018-03-29
It is possible to exploit an unsanitized PATH in the suid binary that ships with vagrant-vmware-fusion 4.0.25 through 5.0.4 in order to escalate to root privileges.
CVSS Score
7.8
EPSS Score
0.0
Published
2018-03-29
In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.0, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges.
CVSS Score
7.0
EPSS Score
0.001
Published
2017-10-31
An insecure suid wrapper binary in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 4.0.24 and earlier allows a non-root user to obtain a root shell.
CVSS Score
7.8
EPSS Score
0.004
Published
2017-10-19
HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.24 uses weak permissions for the sudo helper scripts, allows local users to execute arbitrary code with root privileges by overwriting one of the scripts.
CVSS Score
8.8
EPSS Score
0.003
Published
2017-08-08
The sudo helper in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.21 allows local users to gain root privileges by leveraging failure to verify the path to the encoded ruby script or scrub the PATH variable.
CVSS Score
7.8
EPSS Score
0.004
Published
2017-08-02