CVE-2022-24139 - OpenCVE

In IOBit Advanced System Care (AscService.exe) 15, an attacker with SEImpersonatePrivilege can create a named pipe with the same name as one of ASCService's named pipes. ASCService first tries to connect before trying to create the named pipes, because of that during login the service will try to connect to the attacker which will lead to either escalation of privileges (through token manipulation and ImpersonateNamedPipeClient() ) from ADMIN -> SYSTEM or from Local ADMIN-> Domain ADMIN depending on the user and named pipe that is used.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Iobit	Advanced System Care

Configuration 1 [-]

OR	cpe:2.3:a:iobit:advanced_system_care:15::::free:::
	cpe:2.3:a:iobit:advanced_system_care:15::::pro:::

No data.

References

Link	Providers
http://advanced.com
http://iobit.com
https://github.com/tomerpeled92/CVE/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-07-06T12:41:32

Updated: 2024-08-03T04:07:01.033Z

Reserved: 2022-01-31T00:00:00

Link: CVE-2022-24139

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-07-06T13:15:09.273

Modified: 2022-07-15T16:47:25.200

Link: CVE-2022-24139

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "In IOBit Advanced System Care (AscService.exe) 15, an attacker with SEImpersonatePrivilege can create a named pipe with the same name as one of ASCService's named pipes. ASCService first tries to connect before trying to create the named pipes, because of that during login the service will try to connect to the attacker which will lead to either escalation of privileges (through token manipulation and ImpersonateNamedPipeClient() ) from ADMIN -> SYSTEM or from Local ADMIN-> Domain ADMIN depending on the user and named pipe that is used."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-07-06T12:41:32", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://advanced.com"}, {"tags": ["x_refsource_MISC"], "url": "http://iobit.com"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/tomerpeled92/CVE/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-24139", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In IOBit Advanced System Care (AscService.exe) 15, an attacker with SEImpersonatePrivilege can create a named pipe with the same name as one of ASCService's named pipes. ASCService first tries to connect before trying to create the named pipes, because of that during login the service will try to connect to the attacker which will lead to either escalation of privileges (through token manipulation and ImpersonateNamedPipeClient() ) from ADMIN -> SYSTEM or from Local ADMIN-> Domain ADMIN depending on the user and named pipe that is used."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://advanced.com", "refsource": "MISC", "url": "http://advanced.com"}, {"name": "http://iobit.com", "refsource": "MISC", "url": "http://iobit.com"}, {"name": "https://github.com/tomerpeled92/CVE/", "refsource": "MISC", "url": "https://github.com/tomerpeled92/CVE/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T04:07:01.033Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://advanced.com"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://iobit.com"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/tomerpeled92/CVE/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-24139", "datePublished": "2022-07-06T12:41:32", "dateReserved": "2022-01-31T00:00:00", "dateUpdated": "2024-08-03T04:07:01.033Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:iobit:advanced_system_care:15:*:*:*:free:*:*:*", "matchCriteriaId": "FF6E8D50-6B8B-43AA-9338-1A4DBE83DB34", "vulnerable": true}, {"criteria": "cpe:2.3:a:iobit:advanced_system_care:15:*:*:*:pro:*:*:*", "matchCriteriaId": "1DA08A7C-9D84-4C40-84B4-C0541BCAB266", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In IOBit Advanced System Care (AscService.exe) 15, an attacker with SEImpersonatePrivilege can create a named pipe with the same name as one of ASCService's named pipes. ASCService first tries to connect before trying to create the named pipes, because of that during login the service will try to connect to the attacker which will lead to either escalation of privileges (through token manipulation and ImpersonateNamedPipeClient() ) from ADMIN -> SYSTEM or from Local ADMIN-> Domain ADMIN depending on the user and named pipe that is used."}, {"lang": "es", "value": "En IOBit Advanced System Care (AscService.exe) versi\u00f3n 15, un atacante con SEImpersonatePrivilege puede crear una tuber\u00eda con nombre con el mismo nombre que una de las tuber\u00edas con nombre de ASCService. ASCService primero intenta conectarse antes de intentar crear las tuber\u00edas con nombre, debido a que durante el inicio de sesi\u00f3n el servicio intentar\u00e1 conectarse con el atacante lo que conllevar\u00e1 a una escalada de privilegios (mediante la manipulaci\u00f3n de tokens e ImpersonateNamedPipeClient() ) desde ADMIN -) SYSTEM o desde Local ADMIN-) Domain ADMIN dependiendo del usuario y la tuber\u00eda con nombre que sea usado"}], "id": "CVE-2022-24139", "lastModified": "2022-07-15T16:47:25.200", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-07-06T13:15:09.273", "references": [{"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "http://advanced.com"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://iobit.com"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/tomerpeled92/CVE/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-668"}], "source": "nvd@nist.gov", "type": "Primary"}]}