CVE-2017-13083
MEDIUM
Rufus < 2.17 - Improper Certificate Validation in Update Mechanism
Title source: llm
Description
Akeo Consulting Rufus prior to version 2.17.1187 does not adequately validate the integrity of updates downloaded over HTTP, allowing an attacker to easily convince a user to execute arbitrary code.
References (4)
Core References
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/403768
Third Party Advisory x_refsource_confirm
https://github.com/pbatard/rufus/issues/1009
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/100516
Third Party Advisory x_refsource_confirm
https://github.com/pbatard/rufus/commit/c3c39f7f8a11f612c4ebf7affce25ec6928eb1cb
Scores
CVSS v3
5.3
EPSS
0.0096
EPSS Percentile
56.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
Details
CWE
CWE-295
CWE-345
CWE-347
CWE-494
Status
published
Products (3)
akeo/rufus
< 2.17
Akeo Consulting/Rufus
prior to 2.17.1187
rufus_project/rufus
< 2.17
Published
Oct 18, 2017
Tracked Since
Feb 18, 2026