exploitDog

CVE-2019-1010101

Опубликовано: 19 июл. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Akeo Consulting Rufus 3.0 and earlier is affected by: Insecure Permissions. The impact is: arbitrary code execution with escalation of privilege. The component is: Executable installer, portable executable (ALL executables available). The attack vector is: CWE-29, CWE-377, CWE-379.

Ссылки

http://seclists.org/oss-sec/2018/q2/146
Mailing List
Third Party Advisory
http://seclists.org/oss-sec/2018/q2/146
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:akeo:rufus:*:*:*:*:*:*:*:*

Версия до 3.0 (включая)

EPSS

Процентиль: 71%

0.00677

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-732

Связанные уязвимости

GHSA-q8qc-66ph-9f73

CVSS3: 9.8

github

больше 3 лет назад

Akeo Consulting Rufus 3.0 and earlier is affected by: Insecure Permissions. The impact is: arbitrary code execution with escalation of privilege. The component is: Executable installer, portable executable (ALL executables available). The attack vector is: CWE-29, CWE-377, CWE-379.

EPSS

Процентиль: 71%

0.00677

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-732