Vulnerability Details CVE-2022-31466
Time of Check - Time of Use (TOCTOU) vulnerability in Quick Heal Total Security prior to 12.1.1.27 allows a local attacker to achieve privilege escalation, potentially leading to deletion of system files. This is achieved through exploiting the time between detecting a file as malicious and when the action of quarantining or cleaning is performed, and using the time to replace the malicious file by a symlink.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 9.2%
CVSS Severity
CVSS v3 Score 7.9
CVSS v2 Score 4.4
References
Products affected by CVE-2022-31466
-
cpe:2.3:a:quickheal:total_security:10.1.0.316
-
cpe:2.3:a:quickheal:total_security:11.00
-
cpe:2.3:a:quickheal:total_security:12.00