Exploiting this vulnerability requires the attacker to carry out a man-in-the-middle (MITM) attack, which makes exploitation against the average user unlikely.
AI description
CVE-2024-51774 is a security vulnerability found in qBittorrent versions prior to 5.0.1. The vulnerability stems from the application proceeding to use HTTPS URLs even after encountering certificate validation errors. This issue existed for a significant period, from April 6, 2010, until it was patched on October 12, 2024. The flaw lies within the DownloadManager class, where SSL certificate validation errors were ignored. Exploitation of this vulnerability could lead to man-in-the-middle (MITM) attacks and remote code execution (RCE), especially on Windows systems where malicious files could be downloaded and executed under the guise of legitimate updates.
- Description: qBittorrent before 5.0.1 proceeds with use of https URLs even after certificate validation errors.
- Source: cve@mitre.org
- NVD status: Modified
CVSS 3.1
- Type: Primary
- Base score: 8.1
- Impact score: 5.9
- Exploitability score: 2.2
- Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: HIGH
- Hype score: Not currently trending
New CVE-2024-51774 dropped on QTorrent. MITM RCE, single click compromise. "Oh I'm sure they accidentally messed up the if logic and failed to verify TLS correctly". <looks inside> DEAR MOTHER OF GOD https://t.co/TCUUOH3gsJ
@matiasgoldberg
3 Nov 2024
110039 Impressions
208 Retweets
1897 Likes
332 Bookmarks
34 Replies
43 Quotes
Got my first ever CVE: CVE-2024-51774. The first of many!
@0xsee4
2 Nov 2024
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-51774 Insecure HTTPS Handling in qBittorrent Before Version 5.0.1 qBittorrent... https://t.co/WTbleFvMrD Vulnerability Notification: https://t.co/xhLrNnfyrO
@VulmonFeeds
2 Nov 2024
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-51774: Improper cert validation in qBittorrent up to 5.0.0 allows remote attacks. Update to patched version immediately to prevent MITM & data compromise. #CyberSecurity #qBittorrentVuln
@oktsec
2 Nov 2024
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-51774 qBittorrent before 5.0.1 proceeds with use of https URLs even after certificate validation errors. https://t.co/m3OXoaLRni
@CVEnew
2 Nov 2024
956 Impressions
2 Retweets
3 Likes
1 Bookmark
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:qbittorrent:qbittorrent:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E299D12D-A468-4935-8DFD-2A6C8C8384DD",
            "versionEndExcluding": "5.0.1"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]