Lucene search

K
cve[email protected]CVE-2022-31466
HistoryMay 23, 2022 - 7:16 p.m.

CVE-2022-31466

2022-05-2319:16:07
CWE-59
CWE-367
web.nvd.nist.gov
46
9
cve
2022
31466
toctou
quick heal total security
vulnerability
privilege escalation
file deletion
nvd

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

7.9 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

Time of Check - Time of Use (TOCTOU) vulnerability in Quick Heal Total Security prior to 12.1.1.27 allows a local attacker to achieve privilege escalation, potentially leading to deletion of system files. This is achieved through exploiting the time between detecting a file as malicious and when the action of quarantining or cleaning is performed, and using the time to replace the malicious file by a symlink.

Affected configurations

NVD
Node
quickhealtotal_securityRange<12.1.1.27

Social References

More

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

7.9 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

Related for CVE-2022-31466