CVE-2023-30801 - Vulnerability Details - OpenCVE

All versions of the qBittorrent client through 4.5.5 use default credentials when the web user interface is enabled. The administrator is not forced to change the default credentials. As of 4.5.5, this issue has not been fixed. A remote attacker can use the default credentials to authenticate and execute arbitrary operating system commands using the "external program" feature in the web user interface. This was reportedly exploited in the wild in March 2023.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Qbittorrent	Qbittorrent

Configuration 1 [-]

cpe:2.3:a:qbittorrent:qbittorrent:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/qbittorrent/qBittorrent/issues/18731
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T5WXBKELVZFZNIDONIJESOCSRPIQNCGI/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U4BNFJR3ZWVLE2YSYIQYBWVDQBBZOLEL/
https://vulncheck.com/advisories/qbittorrent-default-creds

History

No history.

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published: 2023-10-10T13:46:46.775Z

Updated: 2024-08-02T14:37:15.452Z

Reserved: 2023-04-18T10:31:45.962Z

Link: CVE-2023-30801

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-10-10T14:15:10.493

Modified: 2024-11-21T08:00:55.790

Link: CVE-2023-30801

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-30801", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2023-04-18T10:31:45.962Z", "datePublished": "2023-10-10T13:46:46.775Z", "dateUpdated": "2024-08-02T14:37:15.452Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "platforms": ["Windows", "Linux", "MacOS"], "product": "qBittorrent client", "vendor": "qBittorrent", "versions": [{"lessThanOrEqual": "4.5.5", "status": "affected", "version": "0", "versionType": "1.2.6"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "All versions of the qBittorrent client through 4.5.5 use default credentials when the web user interface is enabled. The administrator is not forced to change the default credentials. As of 4.5.5, this issue has not been fixed. A remote attacker can use the default credentials to authenticate and execute arbitrary operating system commands using the \"external program\" feature in the web user interface. This was reportedly exploited in the wild in March 2023.<br>"}], "value": "All versions of the qBittorrent client through 4.5.5 use default credentials when the web user interface is enabled. The administrator is not forced to change the default credentials. As of 4.5.5, this issue has not been fixed. A remote attacker can use the default credentials to authenticate and execute arbitrary operating system commands using the \"external program\" feature in the web user interface. This was reportedly exploited in the wild in March 2023.\n"}], "impacts": [{"capecId": "CAPEC-70", "descriptions": [{"lang": "en", "value": "CAPEC-70 Try Common or Default Usernames and Passwords"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1392", "description": "CWE-1392: Use of Default Credentials", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2023-10-10T13:46:46.775Z"}, "references": [{"tags": ["issue-tracking"], "url": "https://github.com/qbittorrent/qBittorrent/issues/18731"}, {"tags": ["third-party-advisory"], "url": "https://vulncheck.com/advisories/qbittorrent-default-creds"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T5WXBKELVZFZNIDONIJESOCSRPIQNCGI/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U4BNFJR3ZWVLE2YSYIQYBWVDQBBZOLEL/"}], "source": {"discovery": "UNKNOWN"}, "title": "qBittorrent Web UI Default Credentials Lead to RCE", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T14:37:15.452Z"}, "title": "CVE Program Container", "references": [{"tags": ["issue-tracking", "x_transferred"], "url": "https://github.com/qbittorrent/qBittorrent/issues/18731"}, {"tags": ["third-party-advisory", "x_transferred"], "url": "https://vulncheck.com/advisories/qbittorrent-default-creds"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T5WXBKELVZFZNIDONIJESOCSRPIQNCGI/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U4BNFJR3ZWVLE2YSYIQYBWVDQBBZOLEL/", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qbittorrent:qbittorrent:*:*:*:*:*:*:*:*", "matchCriteriaId": "A1B8F48C-E176-4D0E-A303-596701DD2EF4", "versionEndIncluding": "4.5.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "All versions of the qBittorrent client through 4.5.5 use default credentials when the web user interface is enabled. The administrator is not forced to change the default credentials. As of 4.5.5, this issue has not been fixed. A remote attacker can use the default credentials to authenticate and execute arbitrary operating system commands using the \"external program\" feature in the web user interface. This was reportedly exploited in the wild in March 2023.\n"}, {"lang": "es", "value": "Todas las versiones del cliente qBittorrent hasta la 4.5.5 utilizan credenciales predeterminadas cuando la interfaz de usuario web est\u00e1 habilitada. El administrador no est\u00e1 obligado a cambiar las credenciales predeterminadas. A partir de 4.5.5, este problema no se ha solucionado. Un atacante remoto puede utilizar las credenciales predeterminadas para autenticar y ejecutar comandos arbitrarios del sistema operativo utilizando la funci\u00f3n \"programa externo\" en la interfaz de usuario web. Seg\u00fan se informa, esto fue explotado salvajemente en marzo de 2023."}], "id": "CVE-2023-30801", "lastModified": "2024-11-21T08:00:55.790", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "disclosure@vulncheck.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-10T14:15:10.493", "references": [{"source": "disclosure@vulncheck.com", "tags": ["Issue Tracking"], "url": "https://github.com/qbittorrent/qBittorrent/issues/18731"}, {"source": "disclosure@vulncheck.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T5WXBKELVZFZNIDONIJESOCSRPIQNCGI/"}, {"source": "disclosure@vulncheck.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U4BNFJR3ZWVLE2YSYIQYBWVDQBBZOLEL/"}, {"source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"], "url": "https://vulncheck.com/advisories/qbittorrent-default-creds"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://github.com/qbittorrent/qBittorrent/issues/18731"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T5WXBKELVZFZNIDONIJESOCSRPIQNCGI/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U4BNFJR3ZWVLE2YSYIQYBWVDQBBZOLEL/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://vulncheck.com/advisories/qbittorrent-default-creds"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1392"}], "source": "disclosure@vulncheck.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}]}