CVE-2022-31466 HIGH

CVE-2022-31466: TOCTOU Vulnerability in Quick Heal Total Security

Vendor N/A
Product n/a
Published May 23, 2022
Last update August 3, 2024

CVSS base score

7.9/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H

What the vulnerability does

01Description

Time of Check - Time of Use (TOCTOU) vulnerability in Quick Heal Total Security prior to 12.1.1.27 allows a local attacker to achieve privilege escalation, potentially leading to deletion of system files. This is achieved through exploiting the time between detecting a file as malicious and when the action of quarantining or cleaning is performed, and using the time to replace the malicious file by a symlink.

Key dates

02Disclosure timeline

May 23, 2022 CVE published
August 3, 2024 Record updated