CVE-2017-13083

Summary

Akeo Consulting Rufus prior to version 2.17.1187 does not adequately validate the integrity of updates downloaded over HTTP, allowing an attacker to easily convince a user to execute arbitrary code

Affected Software

VendorProductVersion RangeStatus
Akeo ConsultingRufusprior to 2.17.1187affected

Weaknesses

  • CWE-295: CWE-295: Improper Certificate Validation
  • CWE-494: CWE-494: Download of Code Without Integrity Check
  • CWE-345: CWE-345: Insufficient Verification of Data Authenticity
  • CWE-347: CWE-347: Improper Verification of Cryptographic Signature

Workarounds

Manually download updates from https://rufus.akeo.ie/

ADP Enrichment

CVE Program Container

Additional References

References