CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-16873
https://notcve.org/view.php?id=CVE-2017-16873
It is possible to exploit an unsanitized PATH in the suid binary that ships with vagrant-vmware-fusion 4.0.25 through 5.0.4 in order to escalate to root privileges. Es posible explotar una ruta sin sanear en el binario suid que se distribuye con vagrant-vmware-fusion, de la versión 4.0.25 a la 5.0.4, para escalar a privilegios root. • https://m4.rkw.io/blog/cve201716873-hashicorp-vagrantvmwarefusion-v4025504-local-root.html •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 1CVE-2017-16839
https://notcve.org/view.php?id=CVE-2017-16839
Hashicorp vagrant-vmware-fusion 5.0.4 allows local users to steal root privileges if VMware Fusion is not installed. Hashicorp vagrant-vmware-fusion 5.0.4 permite que usuarios locales roben privilegios root si VMware Fusion no está instalado. • https://m4.rkw.io/blog/cve201716839-hashicorp-vagrantvmwarefusion-v504-local-root.html •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-9057
https://notcve.org/view.php?id=CVE-2018-9057
aws/resource_aws_iam_user_login_profile.go in the HashiCorp Terraform Amazon Web Services (AWS) provider through v1.12.0 has an inappropriate PRNG algorithm and seeding, which makes it easier for remote attackers to obtain access by leveraging an IAM account that was provisioned with a weak password. aws/resource_aws_iam_user_login_profile.go en el proveedor HashiCorp Terraform Amazon Web Services (AWS) hasta la versión v1.12.0 contiene un algoritmo y semilla PRNG. Esto facilita a los atacantes remotos obtener acceso aprovechando una cuenta IAM que se creó con una contraseña débil. • https://github.com/terraform-providers/terraform-provider-aws/pull/3934 • CWE-332: Insufficient Entropy in PRNG •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2017-16777 – Hashicorp vagrant-vmware-fusion 5.0.3 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-16777
If HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.3 is installed but VMware Fusion is not, a local attacker can create a fake application directory and exploit the suid sudo helper in order to escalate to root. Si el plugin HashiCorp Vagrant de VMware Fusion (también conocido como vagrant-vmware-fusion) 5.0.3 está instalado, pero VMware Fusion no, un atacante local podría crear un directorio de aplicación falso y explotar el asistente de suid sudo para escalar a root. Hashicorp vagrant-vmware-fusion version 5.0.3 suffers from a local privilege escalation vulnerability. • https://www.exploit-db.com/exploits/43219 https://m4.rkw.io/blog/cve201716777-local-root-privesc-in-hashicorp-vagrantvmwarefusion-503.html • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2017-16001 – Hashicorp vagrant-vmware-fusion 5.0.1 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-16001
In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.1, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges. En el plugin Vagrant VMware Fusion de HashiCorp (también conocido como vagrant-vmware-fusion) 5.0.1, un atacante local o malware pueden alterar el proceso de actualización del plugin con el fin de conseguir un escalado de privilegios root. Hashicorp vagrant-vmware-fusion version 5.0.1 suffers from a local privilege escalation vulnerability. • https://www.exploit-db.com/exploits/43220 https://m4.rkw.io/blog/cve201716001-local-root-privesc-in-hashicorp-vagrantvmwarefusion-501.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •