Vulnerabilities > CVE-2022-24141 - Unspecified vulnerability in Iobit Itop VPN 3.2

CVSS 5.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

iobit

NVD

Published: 2022-07-06

Updated: 2022-07-14

Summary

The iTopVPNmini.exe component of iTop VPN 3.2 will try to connect to datastate_iTopVPN_Pipe_Server on a loop. An attacker that opened a named pipe with the same name can use it to gain the token of another user by listening for connections and abusing ImpersonateNamedPipeClient().

Vulnerable Configurations

Part	Description	Count
Application	Iobit Iobit Itop VPN 3.2	1

References

http://itop.com
http://iobit.com
https://github.com/tomerpeled92/CVE/