Named Pipe Impersonation Vulnerability in iTop VPN 3.2

Named Pipe Impersonation Vulnerability in iTop VPN 3.2

CVE-2022-24141 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

The iTopVPNmini.exe component of iTop VPN 3.2 will try to connect to datastate_iTopVPN_Pipe_Server on a loop. An attacker that opened a named pipe with the same name can use it to gain the token of another user by listening for connections and abusing ImpersonateNamedPipeClient().

Learn more about our Cis Benchmark Audit For Server Software.