HIGH · 7.9

CVE-2022-31466

Vulnerability Description

Time of Check - Time of Use (TOCTOU) vulnerability in Quick Heal Total Security prior to 12.1.1.27 allows a local attacker to achieve privilege escalation, potentially leading to deletion of system files. The attacker exploits the window between the moment a file is detected as malicious and the moment the quarantine or clean action is performed, using that window to replace the malicious file with a symlink.

CVSS Score

7.9

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality: NONE
Integrity: HIGH
Availability: HIGH

Affected Products

Vendor | Product | Versions
Quickheal | Total Security | < 12.1.1.27

Related Weaknesses (CWE)

References

FAQ

What is CVE-2022-31466?

CVE-2022-31466 is a vulnerability with a CVSS score of 7.9 (HIGH). Time of Check - Time of Use (TOCTOU) vulnerability in Quick Heal Total Security prior to 12.1.1.27 allows a local attacker to achieve privilege escalation, potentially leading to deletion of system files.

How severe is CVE-2022-31466?

CVE-2022-31466 has been rated HIGH with a CVSS base score of 7.9/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2022-31466?

Check the references section above for vendor advisories and patch information. Affected products include: Quickheal Total Security.