PT-2019-11468 · Akeo Consulting · Rufus
Stefan Kanthak · Published 2019-07-19 · Updated 2020-08-24 · CVE-2019-1010101
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Akeo Consulting Rufus versions 3.0 and earlier
Description:
The issue concerns insecure permissions, allowing for arbitrary code execution with escalation of privilege. This affects the executable installer and all portable executables. The attack vector involves CWE-29, CWE-377, and CWE-379, which relate to path traversal and permission issues.
Recommendations:
For versions 3.0 and earlier, update to a version that addresses the insecure permissions issue to prevent arbitrary code execution and privilege escalation. As a temporary workaround, consider restricting access to the executable installer and portable executables to minimize the risk of exploitation.
Fix
Incorrect Permission
Affected Products
Rufus