Lack of Cryptographic Authenticity Check in Programmer Installation Utility Allows Unauthorized Software Installation via USB

Lack of Cryptographic Authenticity Check in Programmer Installation Utility Allows Unauthorized Software Installation via USB

CVE-2021-38396 · MEDIUM Severity

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

The programmer installation utility does not perform a cryptographic authenticity or integrity checks of the software on the flash drive. An attacker could leverage this weakness to install unauthorized software using a specially crafted USB.

Learn more about our Web Application Penetration Testing UK.