CVE-2017-15884

Опубликовано: 31 окт. 2017

Источник: nvd

CVSS3: 7

CVSS2: 6.9

EPSS Низкий

Описание

In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.0, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges.

Ссылки

https://m4.rkw.io/blog/cve201715884-local-root-privesc-in-hashicorp-vagrantvmwarefusion-500.html
Exploit
Third Party Advisory
https://www.exploit-db.com/exploits/43222/
https://m4.rkw.io/blog/cve201715884-local-root-privesc-in-hashicorp-vagrantvmwarefusion-500.html
Exploit
Third Party Advisory
https://www.exploit-db.com/exploits/43222/

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:hashicorp:vagrant_vmware_fusion:5.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 23%

0.00077

Низкий

7 High

CVSS3

6.9 Medium

CVSS2

Дефекты

CWE-362

Связанные уязвимости

GHSA-fpqq-fq3j-62hx