← back
CVE-2017-7642

CVE-2017-7642

EPSS 1.2%
The sudo helper in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.21 allows local users to gain root privileges by leveraging failure to verify the path to the encoded ruby script or scrub the PATH variable.
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/42334/unverifiedexploitdbwww.exploit-db.com/exploits/42334unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://seclists.org/fulldisclosure/2017/Jul/29https://github.com/hashicorp/vagrant-plugin-changelog/blob/master/vagrant-vmware-changelog.mdhttps://m4.rkw.io/blog/cve20177642-local-root-privesc-in-hashicorp-vagrantvmwarefusion--4020.htmlhttps://www.exploit-db.com/exploits/42334/