| Vulnerability Name: | CVE-2018-25044 (CCN-229241) | ||||||||||||
| Assigned: | 2018-01-31 | ||||||||||||
| Published: | 2018-01-31 | ||||||||||||
| Updated: | 2022-06-29 | ||||||||||||
| Summary: | A vulnerability, which was classified as critical, has been found in uTorrent. This issue affects some unknown processing of the component Guest Account. The manipulation leads to privilege escalation. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. | ||||||||||||
| CVSS v3 Severity: | 8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) 7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:U/RC:R)
5.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:U/RC:R)
| ||||||||||||
| CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
| ||||||||||||
| Vulnerability Type: | CWE-269 | ||||||||||||
| Vulnerability Consequences: | Gain Privileges | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2018-25044 Source: MISC Type: Third Party Advisory http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/efaq.html Source: CCN Type: Google Security Research Issue 1524 utorrent: various JSON-RPC issues resulting in remote code execution, information disclosure, etc. Source: MISC Type: Exploit, Issue Tracking, Mailing List, Third Party Advisory https://bugs.chromium.org/p/project-zero/issues/detail?id=1524 Source: XF Type: UNKNOWN utorrent-cve201825044-priv-esc(229241) Source: MISC Type: Exploit, Third Party Advisory, VDB Entry https://vuldb.com/?id.113807 Source: CCN Type: uTorrent Web site uTorrent Web | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||