CVE-2021-30605

EPSS 0.01%
Published 08.09.2021 21:15:10
Last modified 21.11.2024 06:04:16
Source chrome-cve-admin@google.com
Teams watchlist Login
Open Login

Inappropriate implementation in the ChromeOS Readiness Tool installer on Windows prior to 1.0.2.0 loosens DCOM access rights on two objects allowing an attacker to potentially bypass discretionary access controls.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Google ≫ Chrome Os Readiness Tool Version < 1.0.2.0

   Microsoft ≫ Windows 10 Version-
   Microsoft ≫ Windows 7 Version-
   Microsoft ≫ Windows 8.1 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.01%	0.016

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://bit.ly/37CS6G9

Third Party Advisory

https://crbug.com/1240952

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2021-30605

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-30605

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-30605

EUVD