The iTopVPNmini.exe component of iTop VPN 3.2 will try to connect to datastate_iTopVPN_Pipe_Server on a loop. An attacker that opened a named pipe with the same name can use it to gain the token of another user by listening for connections and abusing ImpersonateNamedPipeClient().
References
| Link | Resource |
|---|---|
| https://github.com/tomerpeled92/CVE/ | Third Party Advisory |
| https://github.com/tomerpeled92/CVE/ | Third Party Advisory |
Configurations
History
09 Jul 2026, 01:17
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
21 Nov 2024, 06:49
| Type | Values Removed | Values Added |
|---|---|---|
| References | () http://iobit.com - Vendor Advisory | |
| References | () http://itop.com - Not Applicable | |
| References | () https://github.com/tomerpeled92/CVE/ - Third Party Advisory |
Information
Published : 2022-07-06 13:15
Updated : 2026-07-09 01:17
NVD link : CVE-2022-24141
Mitre link : CVE-2022-24141
CVE.ORG link : CVE-2022-24141
JSON object : View
Products Affected
iobit
- itop_vpn
CWE
