CVE-2017-15358

Опубликовано: 03 авг. 2018

Источник: nvd

CVSS3: 7

CVSS2: 6.9

EPSS Низкий

Описание

Race condition in the Charles Proxy Settings suid binary in Charles Proxy before 4.2.1 allows local users to gain privileges via vectors involving the --self-repair option.

Ссылки

https://m4.rkw.io/blog/cve201715358-local-root-privesc-in-charles-proxy-42.html
Exploit
Third Party Advisory
https://www.exploit-db.com/exploits/45107/
Exploit
Third Party Advisory
VDB Entry
https://m4.rkw.io/blog/cve201715358-local-root-privesc-in-charles-proxy-42.html
Exploit
Third Party Advisory
https://www.exploit-db.com/exploits/45107/
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:charlesproxy:charles:*:*:*:*:*:*:*:*

Версия до 4.2.1 (исключая)

EPSS

Процентиль: 52%

0.00288

Низкий

7 High

CVSS3

6.9 Medium

CVSS2

Дефекты

CWE-362

Связанные уязвимости

GHSA-pvx4-8cjx-478q