CVE-2017-15400

CWE-93 CWE-2667 documents7 sources

Severity

7.8HIGH

EPSS

0.4%

top 38.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome OS

Timeline

PublishedFeb 7

Latest updateMay 14

Description

Insufficient restriction of IPP filters in CUPS in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker to execute a command with the same privileges as the cups daemon via a crafted PPD file, aka a printer zeroconfig CRLF issue.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5google_chrome_os_prior_to_62.0.3202.74Google Chrome OS prior to 62.0.3202.74

▶NVDgoogle/chrome_os< 62.0.3202.74

▶Debiancups< 2.2.3-2+3

🔴Vulnerability Details

GHSA

GHSA-2m9r-8mxg-wqgx: Insufficient restriction of IPP filters in CUPS in Google Chrome OS prior to 62↗2022-05-14

▶

OSV

CVE-2017-15400: Insufficient restriction of IPP filters in CUPS in Google Chrome OS prior to 62↗2018-02-07

▶

CVEList

CVE-2017-15400: Insufficient restriction of IPP filters in CUPS in Google Chrome OS prior to 62↗2018-02-07

▶

📋Vendor Advisories

Red Hat

cups: Insufficient restriction of IPP filters allows a remote attacker to execute commands with the privilege level of cups daemon↗2017-10-27

▶

Debian

CVE-2017-15400: cups - Insufficient restriction of IPP filters in CUPS in Google Chrome OS prior to 62....↗2017

▶

💬Community

Bugzilla

CVE-2017-15400 cups: Insufficient restriction of IPP filters allows a remote attacker to execute commands with the privilege level of cups daemon↗2018-07-23

▶