Privilege Escalation Vulnerability in IOBit Advanced System Care
CVE-2022-24139

7.8HIGH

Key Information:

Vendor

Iobit

Status
Advanced System Care
Vendor
CVE Published:
6 July 2022

What is CVE-2022-24139?

A vulnerability in IOBit Advanced System Care (ASCService.exe) allows an attacker with SEImpersonatePrivilege to create a named pipe that mirrors those used by ASCService. The service attempts to connect to the named pipe before creating it, leading to a potential privilege escalation risk. This can enable an attacker to manipulate tokens, allowing for escalated permissions from ADMIN to SYSTEM or from Local ADMIN to Domain ADMIN, depending on the specific user and named pipe employed. This vulnerability underscores the importance of proper access controls in privileged service operations.

References

http://advanced.com
x_refsource_MISC
http://iobit.com
x_refsource_MISC
https://github.com/tomerpeled92/CVE/
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.