Inappropriate implementation in the ChromeOS Readiness Tool installer on Windows prior to 1.0.2.0 loosens DCOM access rights on two objects allowing an attacker to potentially bypass discretionary access controls.
References
Link | Resource |
---|---|
https://crbug.com/1240952 | Permissions Required |
https://bit.ly/37CS6G9 | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2021-09-08 14:15
Updated : 2021-09-15 08:58
NVD link : CVE-2021-30605
Mitre link : CVE-2021-30605
JSON object : View
CWE
CWE-287
Improper Authentication
Products Affected
- chrome_os_readiness_tool
microsoft
- windows_7
- windows_8.1
- windows_10