In IOBit Advanced System Care (AscService.exe) 15, an attacker with SEImpersonatePrivilege can create a named pipe with the same name as one of ASCService's named pipes. ASCService first tries to connect before trying to create the named pipes, because of that during login the service will try to connect to the attacker which will lead to either escalation of privileges (through token manipulation and ImpersonateNamedPipeClient() ) from ADMIN -> SYSTEM or from Local ADMIN-> Domain ADMIN depending on the user and named pipe that is used.
References
Link | Resource |
---|---|
http://advanced.com | Not Applicable |
http://iobit.com | Vendor Advisory |
https://github.com/tomerpeled92/CVE/ | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-07-06T12:41:32
Updated: 2022-07-06T12:41:32
Reserved: 2022-01-31T00:00:00
Link: CVE-2022-24139
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-07-06T13:15:09.273
Modified: 2022-07-15T16:47:25.200
Link: CVE-2022-24139
JSON object: View
Redhat Information
No data.
CWE