CVE-2022-31466
HIGHQuick Heal Total Security <12.1.1.27 - Privilege Escalation
Title source: llmDescription
Time of Check - Time of Use (TOCTOU) vulnerability in Quick Heal Total Security prior to 12.1.1.27 allows a local attacker to achieve privilege escalation, potentially leading to deletion of system files. This is achieved through exploiting the time between detecting a file as malicious and when the action of quarantining or cleaning is performed, and using the time to replace the malicious file by a symlink.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_confirm
https://softwaresec001.wordpress.com/2022/05/13/privilege-escalation-vulnerability-in-quick-heal-total-security/
Scores
CVSS v3
7.9
EPSS
0.0015
EPSS Percentile
4.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H
Details
CWE
CWE-367
CWE-59
Status
published
Products (1)
quickheal/total_security
< 12.1.1.27
Published
May 23, 2022
Tracked Since
Feb 18, 2026