Lucene search

VulDBCVELIST:CVE-2018-25040

HistoryJun 17, 2022 - 4:45 a.m.

CVE-2018-25040 uTorrent Web HTTP RPC Server privileges management

2022-06-1704:45:30

CWE-269

VulDB

www.cve.org

utorrent

web

http

rpc

server

privileges

management

vulnerability

cve-2018-25040

critical

component

manipulation

privilege escalation

remote attack

exploit disclosure

public

upgrade

CVSS3

6.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

AI Score

8.8

Confidence

High

EPSS

0.003

Percentile

70.1%

JSON

A vulnerability was found in uTorrent Web. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component HTTP RPC Server. The manipulation leads to privilege escalation. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.

CNA Affected

[
  {
    "product": "Web",
    "vendor": "uTorrent",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

bugs.chromium.org/p/project-zero/issues/detail?id=1524

vuldb.com/?id.113803

www.scmagazineuk.com/utorrent-apps-vulnerable-to-remote-code-execution-information-disclosure/article/746248/