PT-2017-12912 · Akeo Consulting · Rufus
Wdormann
·
Publicado
2017-10-18
·
Atualizado
2019-10-09
·
CVE-2017-13083
CVSS v3.1
8.1
Alta
| Vetor | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Akeo Consulting Rufus versions prior to 2.17.1187
Description
The issue concerns inadequate validation of the integrity of updates downloaded over HTTP, allowing an attacker to convince a user to execute arbitrary code.
Recommendations
For versions prior to 2.17.1187, update to version 2.17.1187 or later to resolve the issue.
Correção
Insufficient Verification of Data Authenticity
Improper Verification of Cryptographic Signature
Improper Certificate Validation
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Rufus