CVE-2022-31466

Time of Check - Time of Use (TOCTOU) vulnerability in Quick Heal Total Security prior to 12.1.1.27 allows a local attacker to achieve privilege escalation, potentially leading to deletion of system files. This is achieved through exploiting the time between detecting a file as malicious and when the action of quarantining or cleaning is performed, and using the time to replace the malicious file by a symlink.
Configurations

Configuration 1 (hide)

cpe:2.3:a:quickheal:total_security:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:04

Type Values Removed Values Added
References () https://softwaresec001.wordpress.com/2022/05/13/privilege-escalation-vulnerability-in-quick-heal-total-security/ - Third Party Advisory () https://softwaresec001.wordpress.com/2022/05/13/privilege-escalation-vulnerability-in-quick-heal-total-security/ - Third Party Advisory
CVSS v2 : 4.4
v3 : 7.0
v2 : 4.4
v3 : 7.9

08 Aug 2023, 14:22

Type Values Removed Values Added
CWE CWE-59

Information

Published : 2022-05-23 19:16

Updated : 2024-11-21 07:04


NVD link : CVE-2022-31466

Mitre link : CVE-2022-31466

CVE.ORG link : CVE-2022-31466


JSON object : View

Products Affected

quickheal

  • total_security
CWE
CWE-59

Improper Link Resolution Before File Access ('Link Following')

CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition