Bulletin ID: HCSEC-2024-25
Affected Products / Versions: Vagrant VMware Utility <= 1.0.22, fixed in 1.0.23
Publication Date: October 29, 2024
Summary
The Vagrant VMware Utility Windows installer targeted a custom location with a non-protected path that could be modified by an unprivileged user, introducing potential for unauthorized file system writes. This vulnerability, CVE-2024-10228, was fixed in Vagrant VMware Utility 1.0.23.
Background
Vagrant VMware Utility is a tool distributed separately from Vagrant that enables Vagrant to be used with VMware software. For more information, please read our documentation about Vagrant VMware Providers.
For the Windows platform, the format used is Windows Installer (MSI).
Details
It was reported that the Vagrant VMware Utility's Windows installer placed its files in a custom location whose path was not protected, exposing the target system to unauthorized file system writes. The impact of this is system-dependent, but in some cases may include privilege escalation. This issue did not impact non-Windows platforms. This vulnerability was fixed in Vagrant VMware Utility 1.0.23.
Remediation
This was addressed in Vagrant VMware Utility 1.0.23 by moving the Windows install location to the system-protected Program Files directory.
Users should evaluate the risk and consider upgrading to Vagrant VMware Utility 1.0.23. Please refer to our plugin installation instructions for information on upgrading. Please refer to Upgrading Vagrant for general guidance and upgrade notes.
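As an added check, not part of this bulletin or of HashiCorp's tooling, the following PowerShell audits an install directory's ACL for the condition described under Details: write or modify rights granted to unprivileged principals. The placeholder path, the list of low-privilege principals and the rights mask are assumptions of this example.

```powershell
# Added example, not HashiCorp code: report ACEs on an install directory that grant
# write/modify rights to unprivileged principals, the condition described in
# HCSEC-2024-25. The bulletin does not name the old custom path, so substitute it
# for the placeholder below when auditing a pre-1.0.23 installation.
function Test-UnprivilegedWriteAccess {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        throw "Path not found: $Path"
    }

    # Well-known low-privilege principals (English names; localized systems differ).
    # Any of these holding write rights here means a standard user can plant or
    # replace files that a later privileged operation may load or execute.
    $lowPriv = @(
        'BUILTIN\Users',
        'NT AUTHORITY\Authenticated Users',
        'Everyone',
        'NT AUTHORITY\INTERACTIVE'
    )

    # Rights that allow creating or replacing files in the directory.
    $writeMask = [System.Security.AccessControl.FileSystemRights]::Write -bor
                 [System.Security.AccessControl.FileSystemRights]::Modify -bor
                 [System.Security.AccessControl.FileSystemRights]::FullControl -bor
                 [System.Security.AccessControl.FileSystemRights]::CreateFiles -bor
                 [System.Security.AccessControl.FileSystemRights]::CreateDirectories

    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($lowPriv -notcontains $ace.IdentityReference.Value) { continue }
        if (($ace.FileSystemRights -band $writeMask) -eq 0) { continue }
        [pscustomobject]@{
            Path      = $Path
            Identity  = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

# Program Files grants Users read/execute only, so this should report nothing;
# a directory under a user-writable path (placeholder below) typically would.
Test-UnprivilegedWriteAccess -Path $env:ProgramFiles | Format-Table -AutoSize
# Test-UnprivilegedWriteAccess -Path 'C:\PLACEHOLDER\OldVagrantVMwareUtilityDir' | Format-Table -AutoSize
```

An empty result for the 1.0.23 location under Program Files, alongside findings for the old custom directory, confirms that the upgrade removed the unprivileged write path on that host.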
Acknowledgement
HashiCorp thanks Farid Zerrouk and Huriye Özdemir for reporting this issue.