Vulnerability Description
Akeo Consulting Rufus prior to version 2.17.1187 does not adequately validate the integrity of updates downloaded over HTTP, allowing an attacker to easily convince a user to execute arbitrary code
CVSS Score
5.3
MEDIUM
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Akeo | Rufus | <= 2.17 |
Related Weaknesses (CWE)
References
- http://www.kb.cert.org/vuls/id/403768Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/100516Third Party AdvisoryVDB Entry
- https://github.com/pbatard/rufus/commit/c3c39f7f8a11f612c4ebf7affce25ec6928eb1cbThird Party Advisory
- https://github.com/pbatard/rufus/issues/1009Third Party Advisory
- http://www.kb.cert.org/vuls/id/403768Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/100516Third Party AdvisoryVDB Entry
- https://github.com/pbatard/rufus/commit/c3c39f7f8a11f612c4ebf7affce25ec6928eb1cbThird Party Advisory
- https://github.com/pbatard/rufus/issues/1009Third Party Advisory
FAQ
What is CVE-2017-13083?
CVE-2017-13083 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Akeo Consulting Rufus prior to version 2.17.1187 does not adequately validate the integrity of updates downloaded over HTTP, allowing an attacker to easily convince a user to execute arbitrary code
How severe is CVE-2017-13083?
CVE-2017-13083 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-13083?
Check the references section above for vendor advisories and patch information. Affected products include: Akeo Rufus.