High severity8.8NVD Advisory· Published Aug 8, 2017· Updated May 13, 2026

CVE-2017-11741

Description

HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.24 uses weak permissions for the sudo helper scripts, allows local users to execute arbitrary code with root privileges by overwriting one of the scripts.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

m4.rkw.io/blog/cve201711741-local-root-privesc-in-hashicorp-vagrantvmwarefusion--4023.htmlnvdExploitThird Party Advisory
seclists.org/fulldisclosure/2017/Aug/0nvdMailing ListThird Party Advisory
www.exploit-db.com/exploits/43224/nvd

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.000
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000