CVE-2022-24141

EUVD-2022-29052
The iTopVPNmini.exe component of iTop VPN 3.2 will try to connect to datastate_iTopVPN_Pipe_Server on a loop. An attacker that opened a named pipe with the same name can use it to gain the token of another user by listening for connections and abusing ImpersonateNamedPipeClient().
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
Affected Products (NVD)
VendorProductVersion
iobititop_vpn
3.2
𝑥
= Vulnerable software versions
References
http://iobit.com
http://itop.com
https://github.com/tomerpeled92/CVE/
http://iobit.com
http://itop.com
https://github.com/tomerpeled92/CVE/