Rufus
CVE-2019-1010100
HIGH
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Akeo Consulting Rufus 3.0 and earlier is affected by: DLL search order hijacking. The impact is: Arbitrary code execution WITH escalation of privilege. The component is: Executable installers, portable executables (ALL executables on the web site). The attack vector is: CAPEC-471, CWE-426, CWE-427.
AnalysisAI
Akeo Consulting Rufus 3.0 and earlier is affected by: DLL search order hijacking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-426. Akeo Consulting Rufus 3.0 and earlier is affected by: DLL search order hijacking. The impact is: Arbitrary code execution WITH escalation of privilege. The component is: Executable installers, portable executables (ALL executables on the web site). The attack vector is: CAPEC-471, CWE-426, CWE-427. Affected products include: Akeo Rufus.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Arbitrary code execution with Administrator privileges in Rufus versions 4.11 and below due to a race condition in Power
Akeo Consulting Rufus 3.0 and earlier is affected by: Insecure Permissions. Rated critical severity (CVSS 9.8), this vul
Same weakness CWE-426 – Untrusted Search Path
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today