Lucene search

VulDBCVELIST:CVE-2018-25043

HistoryJun 17, 2022 - 4:45 a.m.

CVE-2018-25043 uTorrent PRNG improper authentication

2022-06-1704:45:35

CWE-287

VulDB

www.cve.org

5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

8.8 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.3%

JSON

A vulnerability classified as critical was found in uTorrent. This vulnerability affects unknown code of the component PRNG. The manipulation leads to weak authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.

CNA Affected

[
  {
    "product": "uTorrent",
    "vendor": "unspecified",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/efaq.html

bugs.chromium.org/p/project-zero/issues/detail?id=1524

vuldb.com/?id.113806