CVE-2019-1010101

Name of the Vulnerable Software and Affected Versions: Akeo Consulting Rufus versions 3.0 and earlier

Description: The issue concerns insecure permissions, allowing for arbitrary code execution with escalation of privilege. This affects the executable installer and all portable executables. The attack vector involves CWE-29, CWE-377, and CWE-379, which relate to path traversal and permission issues.

Recommendations: For versions 3.0 and earlier, update to a version that addresses the insecure permissions issue to prevent arbitrary code execution and privilege escalation. As a temporary workaround, consider restricting access to the executable installer and portable executables to minimize the risk of exploitation.