CVE-2017-13083

MEDIUM5.3

Description

Akeo Consulting Rufus prior to version 2.17.1187 does not adequately validate the integrity of updates downloaded over HTTP, allowing an attacker to easily convince a user to execute arbitrary code

CVSS breakdown

CVSS 3.0

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Affected products

Akeo Consulting / Rufusprior to 2.17.1187 – prior to 2.17.1187

References

MISChttp://www.kb.cert.org/vuls/id/403768
MISChttps://github.com/pbatard/rufus/issues/1009
MISChttp://www.securityfocus.com/bid/100516
PATCHhttps://github.com/pbatard/rufus/commit/c3c39f7f8a11f612c4ebf7affce25ec6928eb1cb