Vulnerability: Privilege Escalation via Fake Application Directory in HashiCorp Vagrant VMware Fusion Plugin

CVE-2017-16777 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

If HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.3 is installed but VMware Fusion is not, a local attacker can create a fake application directory and exploit the suid sudo helper in order to escalate to root.

Learn more about our Cis Benchmark Audit For Vmware.