Description
I2P before 0.9.46 allows local users to gain privileges via a Trojan horse I2PSvc.exe file because of weak permissions on a certain %PROGRAMFILES% subdirectory.
References (2)
Core 2
Core References
Product x_refsource_misc
https://geti2p.net/en
Technical Description, Third Party Advisory x_refsource_misc
https://blog.blazeinfosec.com/security-advisory-i2p-for-windows-local-privilege-escalation/
Scores
CVSS v3
7.8
EPSS
0.0003
EPSS Percentile
9.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-732
Status
published
Products (1)
geti2p/i2p
< 0.9.46
Published
Jun 16, 2020
Tracked Since
Feb 18, 2026