Itop Vpn
CVE-2024-1195
MEDIUM
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
A vulnerability classified as critical was found in iTop VPN up to 4.0.0.1. Affected by this vulnerability is an unknown functionality in the library ITopVpnCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The identifier VDB-252685 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
A vulnerability classified as critical was found in iTop VPN up to 4.0.0.1. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-404. A vulnerability classified as critical was found in iTop VPN up to 4.0.0.1. Affected by this vulnerability is an unknown functionality in the library ITopVpnCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The identifier VDB-252685 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Affected products include: Iobit Itop Vpn. Version information: up to 4.0.0.1..
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
IOBit Advanced System Care 15, iTop Screen Recorder 2.1, iTop VPN 3.2, Driver Booster 9, and iTop Screenshot sends HTTP
The iTopVPNmini.exe component of iTop VPN 3.2 will try to connect to datastate_iTopVPN_Pipe_Server on a loop. Rated medi
Same weakness CWE-404 – Improper Resource Shutdown or Release
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today