Time of Check - Time of Use (TOCTOU) vulnerability in Quick Heal Total Security prior to 12.1.1.27 allows a local attacker to achieve privilege escalation, potentially leading to deletion of system files. This is achieved through exploiting the time between detecting a file as malicious and when the action of quarantining or cleaning is performed, and using the time to replace the malicious file by a symlink.
References
Link | Resource |
---|---|
https://softwaresec001.wordpress.com/2022/05/13/privilege-escalation-vulnerability-in-quick-heal-total-security/ | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-05-23T18:19:30
Updated: 2022-06-01T16:25:14
Reserved: 2022-05-23T00:00:00
Link: CVE-2022-31466
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-05-23T19:16:07.740
Modified: 2023-08-08T14:22:24.967
Link: CVE-2022-31466
JSON object: View
Redhat Information
No data.