CVE-2022-24139
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In IOBit Advanced System Care (AscService.exe) 15, an attacker with SEImpersonatePrivilege can create a named pipe with the same name as one of ASCService's named pipes. ASCService first tries to connect before trying to create the named pipes, because of that during login the service will try to connect to the attacker which will lead to either escalation of privileges (through token manipulation and ImpersonateNamedPipeClient() ) from ADMIN -> SYSTEM or from Local ADMIN-> Domain ADMIN depending on the user and named pipe that is used.
En IOBit Advanced System Care (AscService.exe) versión 15, un atacante con SEImpersonatePrivilege puede crear una tubería con nombre con el mismo nombre que una de las tuberías con nombre de ASCService. ASCService primero intenta conectarse antes de intentar crear las tuberías con nombre, debido a que durante el inicio de sesión el servicio intentará conectarse con el atacante lo que conllevará a una escalada de privilegios (mediante la manipulación de tokens e ImpersonateNamedPipeClient() ) desde ADMIN -) SYSTEM o desde Local ADMIN-) Domain ADMIN dependiendo del usuario y la tubería con nombre que sea usado
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-01-31 CVE Reserved
- 2022-07-06 CVE Published
- 2024-01-27 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-668: Exposure of Resource to Wrong Sphere
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
http://advanced.com | Not Applicable | |
https://github.com/tomerpeled92/CVE | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://iobit.com | 2022-07-15 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Iobit Search vendor "Iobit" | Advanced System Care Search vendor "Iobit" for product "Advanced System Care" | 15 Search vendor "Iobit" for product "Advanced System Care" and version "15" | free |
Affected
| ||||||
Iobit Search vendor "Iobit" | Advanced System Care Search vendor "Iobit" for product "Advanced System Care" | 15 Search vendor "Iobit" for product "Advanced System Care" and version "15" | pro |
Affected
|