cpe:/a:hashicorp:vagrant_vmware_fusion:4.0.23 CVE-2017-11741 2017-08-08T15:29:00.250-04:00 2019-10-02T20:03:26.223-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov FULLDISC 20170802 CVE-2017-11741 Local root privesc in Hashicorp vagrant-vmware-fusion <= 4.0.23 EXPLOIT-DB 43224 MISC https://m4.rkw.io/blog/cve201711741-local-root-privesc-in-hashicorp-vagrantvmwarefusion--4023.html HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.24 uses weak permissions for the sudo helper scripts, allows local users to execute arbitrary code with root privileges by overwriting one of the scripts.