CVE-2021-30605

Inappropriate implementation in the ChromeOS Readiness Tool installer on Windows prior to 1.0.2.0 loosens DCOM access rights on two objects allowing an attacker to potentially bypass discretionary access controls.
References
Link Resource
https://bit.ly/37CS6G9 Third Party Advisory
https://crbug.com/1240952 Permissions Required
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:google:chrome_os_readiness_tool:*:*:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*

History

15 Sep 2021, 15:58

Type Values Removed Values Added
CPE cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome_os_readiness_tool:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
References (MISC) https://bit.ly/37CS6G9 - (MISC) https://bit.ly/37CS6G9 - Third Party Advisory
References (MISC) https://crbug.com/1240952 - (MISC) https://crbug.com/1240952 - Permissions Required
CVSS v2 : unknown
v3 : unknown
v2 : 4.6
v3 : 7.8
CWE CWE-287

08 Sep 2021, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-09-08 21:15

Updated : 2023-12-10 14:09


NVD link : CVE-2021-30605

Mitre link : CVE-2021-30605

CVE.ORG link : CVE-2021-30605


JSON object : View

Products Affected

google

  • chrome_os_readiness_tool

microsoft

  • windows_7
  • windows_10
  • windows_8.1
CWE
CWE-287

Improper Authentication