{"containers": {"cna": {"affected": [{"product": "Google Chrome OS prior to 62.0.3202.74", "vendor": "n/a", "versions": [{"status": "affected", "version": "Google Chrome OS prior to 62.0.3202.74"}]}], "datePublic": "2017-10-17T00:00:00", "descriptions": [{"lang": "en", "value": "Insufficient restriction of IPP filters in CUPS in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker to execute a command with the same privileges as the cups daemon via a crafted PPD file, aka a printer zeroconfig CRLF issue."}], "problemTypes": [{"descriptions": [{"description": "Script injection", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-08-15T17:06:09", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome"}, "references": [{"name": "DSA-4243", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2018/dsa-4243"}, {"tags": ["x_refsource_MISC"], "url": "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-chrome-os_27.html"}, {"tags": ["x_refsource_MISC"], "url": "https://crbug.com/777215"}, {"name": "GLSA-201908-08", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201908-08"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2017-15400", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Google Chrome OS prior to 62.0.3202.74", "version": {"version_data": [{"version_value": "Google Chrome OS prior to 62.0.3202.74"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Insufficient restriction of IPP filters in CUPS in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker to execute a command with the same privileges as the cups daemon via a crafted PPD file, aka a printer zeroconfig CRLF issue."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Script injection"}]}]}, "references": {"reference_data": [{"name": "DSA-4243", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4243"}, {"name": "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-chrome-os_27.html", "refsource": "MISC", "url": "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-chrome-os_27.html"}, {"name": "https://crbug.com/777215", "refsource": "MISC", "url": "https://crbug.com/777215"}, {"name": "GLSA-201908-08", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201908-08"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T19:57:26.090Z"}, "title": "CVE Program Container", "references": [{"name": "DSA-4243", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2018/dsa-4243"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-chrome-os_27.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://crbug.com/777215"}, {"name": "GLSA-201908-08", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201908-08"}]}]}, "cveMetadata": {"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2017-15400", "datePublished": "2018-02-07T23:00:00", "dateReserved": "2017-10-17T00:00:00", "dateUpdated": "2024-08-05T19:57:26.090Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:chrome_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "87004649-1263-4704-A4EE-B3132BFC08FD", "versionEndExcluding": "62.0.3202.74", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Insufficient restriction of IPP filters in CUPS in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker to execute a command with the same privileges as the cups daemon via a crafted PPD file, aka a printer zeroconfig CRLF issue."}, {"lang": "es", "value": "La restricci\u00f3n insuficiente de filtros IPP en CUPS en Google Chrome OS, en versiones anteriores a la 62.0.3202.74, permite que un atacante remoto ejecute un comando con los mismos privilegios que el demonio cups mediante un archivo PPD manipulado. Esto tambi\u00e9n se conoce como problema CRLF zeroconfig de impresora."}], "id": "CVE-2017-15400", "lastModified": "2024-11-21T03:14:38.320", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "[email protected]", "type": "Primary"}]}, "published": "2018-02-07T23:29:00.937", "references": [{"source": "[email protected]", "url": "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-chrome-os_27.html"}, {"source": "[email protected]", "url": "https://crbug.com/777215"}, {"source": "[email protected]", "url": "https://security.gentoo.org/glsa/201908-08"}, {"source": "[email protected]", "url": "https://www.debian.org/security/2018/dsa-4243"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-chrome-os_27.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://crbug.com/777215"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201908-08"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.debian.org/security/2018/dsa-4243"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-93"}], "source": "[email protected]", "type": "Primary"}]}

{"bugzilla": {"description": "cups: Insufficient restriction of IPP filters allows a remote attacker to execute commands with the privilege level of cups daemon", "id": "1607288", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1607288"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.3", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "status": "draft"}, "cwe": "CWE-266", "details": ["Insufficient restriction of IPP filters in CUPS in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker to execute a command with the same privileges as the cups daemon via a crafted PPD file, aka a printer zeroconfig CRLF issue."], "name": "CVE-2017-15400", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "cups", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "cups", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "cups", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "cups", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:rhev_hypervisor:4", "fix_state": "Not affected", "package_name": "cups", "product_name": "Red Hat Virtualization 4"}], "public_date": "2017-10-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-15400\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-15400"], "threat_severity": "Important"}