CVE-2022-24141 Information

Description

The iTopVPNmini.exe component of iTop VPN 3.2 will try to connect to datastate_iTopVPN_Pipe_Server on a loop. An attacker that opened a named pipe with the same name can use it to gain the token of another user by listening for connections and abusing ImpersonateNamedPipeClient().

Reference

http://itop.com http://iobit.com https://github.com/tomerpeled92/CVE/