Описание
The iTopVPNmini.exe component of iTop VPN 3.2 will try to connect to datastate_iTopVPN_Pipe_Server on a loop. An attacker that opened a named pipe with the same name can use it to gain the token of another user by listening for connections and abusing ImpersonateNamedPipeClient().
Ссылки
- Vendor Advisory
- Not Applicable
- Third Party Advisory
- Vendor Advisory
- Not Applicable
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:iobit:itop_vpn:3.2:*:*:*:*:*:*:*
EPSS
Процентиль: 46%
0.0023
Низкий
5.4 Medium
CVSS3
5.5 Medium
CVSS2
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 5.4
github
больше 3 лет назад
The iTopVPNmini.exe component of iTop VPN 3.2 will try to connect to datastate_iTopVPN_Pipe_Server on a loop. An attacker that opened a named pipe with the same name can use it to gain the token of another user by listening for connections and abusing ImpersonateNamedPipeClient().
EPSS
Процентиль: 46%
0.0023
Низкий
5.4 Medium
CVSS3
5.5 Medium
CVSS2
Дефекты
NVD-CWE-noinfo