CVE-2017-13083

MEDIUM

Rufus < 2.17 - Signature Verification Bypass

Title source: rule

Description

Akeo Consulting Rufus prior to version 2.17.1187 does not adequately validate the integrity of updates downloaded over HTTP, allowing an attacker to easily convince a user to execute arbitrary code

References (4)

[Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/403768

[Third Party Advisory] https://github.com/pbatard/rufus/issues/1009

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/100516

[Third Party Advisory] https://github.com/pbatard/rufus/commit/c3c39f7f8a11f612c4ebf7affce25ec6928eb1cb

View Writeup ZIP pw:eip

Scores

CVSS v3 5.3

EPSS 0.0011

EPSS Percentile 29.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

Details

CWE

CWE-295 CWE-345 CWE-347 CWE-494

Status published

Products (3)

akeo/rufus < 2.17

Akeo Consulting/Rufus prior to 2.17.1187

rufus_project/rufus < 2.17

Published Oct 18, 2017

Tracked Since Feb 18, 2026