CVE-2017-13083

Опубликовано: 18 окт. 2017

Источник: nvd

CVSS3: 5.3

CVSS3: 8.1

CVSS2: 6.8

EPSS Низкий

Описание

Akeo Consulting Rufus prior to version 2.17.1187 does not adequately validate the integrity of updates downloaded over HTTP, allowing an attacker to easily convince a user to execute arbitrary code

Ссылки

http://www.kb.cert.org/vuls/id/403768
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/100516
Third Party Advisory
VDB Entry
https://github.com/pbatard/rufus/commit/c3c39f7f8a11f612c4ebf7affce25ec6928eb1cb
Third Party Advisory
https://github.com/pbatard/rufus/issues/1009
Third Party Advisory
http://www.kb.cert.org/vuls/id/403768
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/100516
Third Party Advisory
VDB Entry
https://github.com/pbatard/rufus/commit/c3c39f7f8a11f612c4ebf7affce25ec6928eb1cb
Third Party Advisory
https://github.com/pbatard/rufus/issues/1009
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:rufus_project:rufus:*:b1186:*:*:*:*:*:*

Версия до 2.17 (включая)

EPSS

Процентиль: 31%

0.00114

Низкий

5.3 Medium

CVSS3

8.1 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-295

CWE-494

Связанные уязвимости

GHSA-rmwh-8jrh-hc23

CVSS3: 8.1

github

больше 3 лет назад

Akeo Consulting Rufus prior to version 2.17.1187 does not adequately validate the integrity of updates downloaded over HTTP, allowing an attacker to easily convince a user to execute arbitrary code

EPSS

Процентиль: 31%

0.00114

Низкий

5.3 Medium

CVSS3

8.1 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-295

CWE-494