CVE-2017-13083
8.1
Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.2 / Impact: 5.9
Source: NVD
Description
Akeo Consulting Rufus prior to version 2.17.1187 does not adequately validate the integrity of updates downloaded over HTTP, allowing an attacker to easily convince a user to execute arbitrary code
Affected (1)
Related CWEs
CWE-295
Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.
CWE-345
Insufficient Verification of Data Authenticity
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
CWE-347
Improper Verification of Cryptographic Signature
The product does not verify, or incorrectly verifies, the cryptographic signature for data.
CWE-494
Download of Code Without Integrity Check
The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.
References (8)
Source: cret@cert.org
Third Party AdvisoryUS Government Resource
Source: cret@cert.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Timeline
No history available yet.