FKIE_CVE-2022-24139

Vulnerability from fkie_nvd - Published: 2022-07-06 13:15 - Updated: 2024-11-21 06:49
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In IOBit Advanced System Care (AscService.exe) 15, an attacker with SEImpersonatePrivilege can create a named pipe with the same name as one of ASCService's named pipes. ASCService first tries to connect before trying to create the named pipes, because of that during login the service will try to connect to the attacker which will lead to either escalation of privileges (through token manipulation and ImpersonateNamedPipeClient() ) from ADMIN -> SYSTEM or from Local ADMIN-> Domain ADMIN depending on the user and named pipe that is used.
References
cve@mitre.orghttp://advanced.comNot Applicable
cve@mitre.orghttp://iobit.comVendor Advisory
cve@mitre.orghttps://github.com/tomerpeled92/CVE/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://advanced.comNot Applicable
af854a3a-2127-422b-91ae-364da2661108http://iobit.comVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/tomerpeled92/CVE/Third Party Advisory
Impacted products
Vendor Product Version
iobit advanced_system_care 15
iobit advanced_system_care 15
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:iobit:advanced_system_care:15:*:*:*:free:*:*:*",
              "matchCriteriaId": "FF6E8D50-6B8B-43AA-9338-1A4DBE83DB34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:iobit:advanced_system_care:15:*:*:*:pro:*:*:*",
              "matchCriteriaId": "1DA08A7C-9D84-4C40-84B4-C0541BCAB266",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In IOBit Advanced System Care (AscService.exe) 15, an attacker with SEImpersonatePrivilege can create a named pipe with the same name as one of ASCService\u0027s named pipes. ASCService first tries to connect before trying to create the named pipes, because of that during login the service will try to connect to the attacker which will lead to either escalation of privileges (through token manipulation and ImpersonateNamedPipeClient() ) from ADMIN -\u003e SYSTEM or from Local ADMIN-\u003e Domain ADMIN depending on the user and named pipe that is used."
    },
    {
      "lang": "es",
      "value": "En IOBit Advanced System Care (AscService.exe) versi\u00f3n 15, un atacante con SEImpersonatePrivilege puede crear una tuber\u00eda con nombre con el mismo nombre que una de las tuber\u00edas con nombre de ASCService. ASCService primero intenta conectarse antes de intentar crear las tuber\u00edas con nombre, debido a que durante el inicio de sesi\u00f3n el servicio intentar\u00e1 conectarse con el atacante lo que conllevar\u00e1 a una escalada de privilegios (mediante la manipulaci\u00f3n de tokens e ImpersonateNamedPipeClient() ) desde ADMIN -) SYSTEM o desde Local ADMIN-) Domain ADMIN dependiendo del usuario y la tuber\u00eda con nombre que sea usado"
    }
  ],
  "id": "CVE-2022-24139",
  "lastModified": "2024-11-21T06:49:53.287",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-07-06T13:15:09.273",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://advanced.com"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://iobit.com"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/tomerpeled92/CVE/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://advanced.com"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://iobit.com"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/tomerpeled92/CVE/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-668"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.