A vulnerability was found in Hashicorp vagrant-vmware-fusion up to 4.0.24. It has been rated as critical. Affected by this issue is some unknown functionality of the component suid Wrapper. The manipulation with an unknown input leads to a access control vulnerability. Using CWE to declare the problem leads to CWE-264. Impacted is confidentiality, integrity, and availability. CVE summarizes:

An insecure suid wrapper binary in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 4.0.24 and earlier allows a non-root user to obtain a root shell.

The bug was discovered 10/18/2017. The weakness was presented 10/19/2017 (Website). The advisory is available at m4.rkw.io. This vulnerability is handled as CVE-2017-12579 since 08/05/2017. Local access is required to approach this attack. A simple authentication is required for exploitation. Technical details are unknown but a public exploit is available. This vulnerability is assigned to T1068 by the MITRE ATT&CK project.

The exploit is available at exploit-db.com. It is declared as proof-of-concept. The vulnerability was handled as a non-public zero-day exploit for at least 1 days. During that time the estimated underground price was around $0-$5k.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The vulnerability is also documented in the vulnerability database at Exploit-DB (43223).

Productinfo

Vendor

• Hashicorp

Name

• vagrant-vmware-fusion

Version

• 4.0.0
• 4.0.1
• 4.0.2
• 4.0.3
• 4.0.4
• 4.0.5
• 4.0.6
• 4.0.7
• 4.0.8
• 4.0.9
• 4.0.10
• 4.0.11
• 4.0.12
• 4.0.13
• 4.0.14
• 4.0.15
• 4.0.16
• 4.0.17
• 4.0.18
• 4.0.19
• 4.0.20
• 4.0.21
• 4.0.22
• 4.0.23
• 4.0.24

License

• open-source

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion