Privilege Escalation in HashiCorp Vagrant VMware Fusion Plugin

Privilege Escalation in HashiCorp Vagrant VMware Fusion Plugin

CVE-2017-7642 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

The sudo helper in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.21 allows local users to gain root privileges by leveraging failure to verify the path to the encoded ruby script or scrub the PATH variable.

Learn more about our Cis Benchmark Audit For Vmware.