CVE-2024-1195

A vulnerability classified as critical was found in iTop VPN up to 4.0.0.1. Affected by this vulnerability is an unknown functionality in the library ITopVpnCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The identifier VDB-252685 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS v3 5.5 MEDIUM
CVSS v2.0 4.6 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:S/C:N/I:N/A:C

Exploitability : 3.1 / Impact : 6.9

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
https://vuldb.com/?ctiid.252685	Permissions Required Third Party Advisory VDB Entry
https://vuldb.com/?id.252685	Third Party Advisory VDB Entry
https://www.youtube.com/watch?v=JdQMINPVJd8	Broken Link

Configurations

Configuration 1 (hide)

cpe:2.3:a:iobit:itop_vpn:*:*:*:*:*:*:*:*

History

12 Feb 2024, 17:33

Type	Values Removed	Values Added
References	~~() https://vuldb.com/?ctiid.252685 -~~	() https://vuldb.com/?ctiid.252685 - Permissions Required, Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/?id.252685 -~~	() https://vuldb.com/?id.252685 - Third Party Advisory, VDB Entry
References	~~() https://www.youtube.com/watch?v=JdQMINPVJd8 -~~	() https://www.youtube.com/watch?v=JdQMINPVJd8 - Broken Link
CWE		NVD-CWE-noinfo
CPE		cpe:2.3:a:iobit:itop_vpn::::::::
First Time		Iobit Iobit itop Vpn

02 Feb 2024, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-02-02 22:15

Updated : 2024-05-17 02:35

NVD link : CVE-2024-1195

Mitre link : CVE-2024-1195

CVE.ORG link : CVE-2024-1195

JSON object : View

Products Affected

iobit

itop_vpn

CWE

NVD-CWE-noinfo CWE-404

Improper Resource Shutdown or Release

{"id": "CVE-2024-1195", "metrics": {"cvssMetricV2": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:C", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.1, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-02-02T22:15:25.757", "references": [{"url": "https://vuldb.com/?ctiid.252685", "tags": ["Permissions Required", "Third Party Advisory", "VDB Entry"], "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?id.252685", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cna@vuldb.com"}, {"url": "https://www.youtube.com/watch?v=JdQMINPVJd8", "tags": ["Broken Link"], "source": "cna@vuldb.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "cna@vuldb.com", "description": [{"lang": "en", "value": "CWE-404"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as critical was found in iTop VPN up to 4.0.0.1. Affected by this vulnerability is an unknown functionality in the library ITopVpnCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The identifier VDB-252685 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Una vulnerabilidad fue encontrada en iTop VPN hasta 4.0.0.1 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida en la librer\u00eda ITopVpnCallbackProcess.sys del componente IOCTL Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a la denegaci\u00f3n del servicio. El ataque debe abordarse localmente. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-252685. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."}], "lastModified": "2024-05-17T02:35:18.037", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:iobit:itop_vpn:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62034783-DD4D-4989-B145-75BA708E41F0", "versionEndIncluding": "4.0.0.1"}], "operator": "OR"}]}], "sourceIdentifier": "cna@vuldb.com"}