CVE-2017-15397

CWE-3113 documents3 sources
Severity
7.4HIGH
EPSS
0.3%
top 43.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Chrome OS
Timeline
PublishedFeb 7
Latest updateMay 13

Description

Inappropriate implementation in ChromeVox in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker in a privileged network position to observe or tamper with certain cleartext HTTP requests by leveraging that position.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:HExploitability: 2.2 | Impact: 5.2

Affected Packages2 packages

CVEListV5google_chrome_os_prior_to_62.0.3202.74Google Chrome OS prior to 62.0.3202.74
NVDgoogle/chrome_os< 62.0.3202.74

🔴Vulnerability Details

2
GHSA
GHSA-fvmw-p7gf-4cq2: Inappropriate implementation in ChromeVox in Google Chrome OS prior to 622022-05-13
CVEList
CVE-2017-15397: Inappropriate implementation in ChromeVox in Google Chrome OS prior to 622018-02-07
CVE-2017-15397 (HIGH CVSS 7.4) | Inappropriate implementation in Chr | cvebase.io