CVE-2021-30605

EPSS 0.01%
Veröffentlicht 08.09.2021 21:15:10
Zuletzt bearbeitet 21.11.2024 06:04:16
Quelle chrome-cve-admin@google.com
Teams Watchlist Login
Unerledigt Login

Inappropriate implementation in the ChromeOS Readiness Tool installer on Windows prior to 1.0.2.0 loosens DCOM access rights on two objects allowing an attacker to potentially bypass discretionary access controls.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Google ≫ Chrome Os Readiness Tool Version < 1.0.2.0

   Microsoft ≫ Windows 10 Version-
   Microsoft ≫ Windows 7 Version-
   Microsoft ≫ Windows 8.1 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.016

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://bit.ly/37CS6G9

Third Party Advisory

https://crbug.com/1240952

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2021-30605

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-30605

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-30605

EUVD