CVE-2017-15405

{"id": "CVE-2017-15405", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.0, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.0}]}, "published": "2019-01-09T19:29:00.917", "references": [{"url": "https://chromereleases.googleblog.com/2017/10/stable-channel-updates-for-chrome-os.html", "source": "chrome-cve-admin@google.com"}, {"url": "https://crbug.com/766276", "source": "chrome-cve-admin@google.com"}, {"url": "https://chromereleases.googleblog.com/2017/10/stable-channel-updates-for-chrome-os.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://crbug.com/766276", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-362"}]}], "descriptions": [{"lang": "en", "value": "Inappropriate symlink handling and a race condition in the stateful recovery feature implementation could lead to a persistance established by a malicious code running with root privileges in cryptohomed in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local attacker to execute arbitrary code via a crafted HTML page."}, {"lang": "es", "value": "La gesti\u00f3n de symlink inapropiada y una condici\u00f3n de carrera en la implementaci\u00f3n de la funcionalidad de recuperaci\u00f3n de estado podr\u00eda provocar una persistencia establecida por c\u00f3digo malicioso que se ejecuta con privilegios root en cryptohomed en Google Chrome en Chroms OS, en sus versiones anteriores a la 61.0.3163.113, permiti\u00f3 a un atacante local ejecutar c\u00f3digo arbitrario mediante una p\u00e1gina HTML manipulada."}], "lastModified": "2024-11-21T03:14:38.800", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A79C7C71-F89D-47B6-B58D-570FA10A5359", "versionEndExcluding": "61.0.3163.113"}], "operator": "OR"}]}], "sourceIdentifier": "chrome-cve-admin@google.com"}