CVE-2022-31466

Time of Check - Time of Use (TOCTOU) vulnerability in Quick Heal Total Security prior to 12.1.1.27 allows a local attacker to achieve privilege escalation, potentially leading to deletion of system files. This is achieved through exploiting the time between detecting a file as malicious and when the action of quarantining or cleaning is performed, and using the time to replace the malicious file by a symlink.
Configurations

Configuration 1 (hide)

cpe:2.3:a:quickheal:total_security:*:*:*:*:*:*:*:*

History

08 Aug 2023, 14:22

Type Values Removed Values Added
CWE CWE-59

Information

Published : 2022-05-23 19:16

Updated : 2024-02-28 19:09


NVD link : CVE-2022-31466

Mitre link : CVE-2022-31466

CVE.ORG link : CVE-2022-31466


JSON object : View

Products Affected

quickheal

  • total_security
CWE
CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition

CWE-59

Improper Link Resolution Before File Access ('Link Following')