Vulnerability Details CVE-2022-24141
The iTopVPNmini.exe component of iTop VPN 3.2 will try to connect to datastate_iTopVPN_Pipe_Server on a loop. An attacker that opened a named pipe with the same name can use it to gain the token of another user by listening for connections and abusing ImpersonateNamedPipeClient().
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 45.8%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 5.5
References