Named Pipe Vulnerability in iTop VPN by iTop
CVE-2022-24141

5.4MEDIUM

Key Information:

Vendor

Iobit

Status
Itop Vpn
Vendor
CVE Published:
6 July 2022

What is CVE-2022-24141?

The iTop VPN application version 3.2 contains a vulnerability in its iTopVPNmini.exe component. This flaw arises from the application's attempt to continuously connect to a named pipe server. An attacker can exploit this weakness by creating a named pipe with the same identifier, enabling them to intercept connections and leverage the ImpersonateNamedPipeClient() function to gain unauthorized access to another user's security token. This could pose significant risks to user privacy and data integrity.

References

http://iobit.com
x_refsource_MISC
http://itop.com
x_refsource_MISC
https://github.com/tomerpeled92/CVE/
x_refsource_MISC

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.