Description:
CVE-2022-31466: Quick Heal Total Security before 12.1.1.27 has a TOCTOU race condition that leads to privilege escalation.
Details:
A privilege escalation vulnerability was reported in Quick Heal Total Security versions prior to 12.1.1.27 that could allow an adversary to bypass Quick Heal’s self-protection. The product may follow a symlink that was created after a malware check.
CVSS Score: 7.9 High
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H/E:P/RL:U/RC:R
Security Impact:
Could potentially be abused to delete an arbitrary file on the system protected by self-protection.
Technical Root Cause of the vulnerability:
1. Essentially a Time of Check, Time of Use (TOCTOU) issue, where malware is detected first, but by the time the delete/quarantine action is performed the file has been changed to a symlink
2. Failure to detect a symlink, and blindly following the symlink path to perform high-privilege actions
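The two root causes above map to a general mitigation pattern, shown here as an added example on POSIX (it is not Quick Heal's code or its fix, and it generalizes beyond the Windows product): scan an open descriptor rather than a path, refuse symlinks, and delete only if the name still refers to the scanned object. The function names, the marker, and `race_hook` are hypothetical; the path leading to `dir_path` is assumed to be trusted.

```python
import os
import stat

MARKER = b"CONSTRUCTED-TEST-MARKER"  # constructed stand-in for a detection signature

def looks_malicious(fd):
    """Hypothetical scanner: inspects the already-open object, never a path."""
    return MARKER in os.pread(fd, 4096, 0)

def remove_if_malicious(dir_path, name, race_hook=None):
    """Return "removed", "clean" or "refused" for dir_path/name."""
    # Pin the directory by descriptor; O_NOFOLLOW rejects a symlink as its last component.
    dfd = os.open(dir_path, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    try:
        try:
            flags = os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK
            fd = os.open(name, flags, dir_fd=dfd)
        except OSError:
            return "refused"  # symlink (ELOOP), missing, or unreadable
        try:
            # Identity of the scanned object; the open fd keeps its inode from being reused.
            checked = os.fstat(fd)
            if not stat.S_ISREG(checked.st_mode):
                return "refused"
            if not looks_malicious(fd):
                return "clean"
            if race_hook:
                race_hook()  # test-only: stands in for the check-to-use window
            # Time of use: look at the name again without following links.
            try:
                now = os.stat(name, dir_fd=dfd, follow_symlinks=False)
            except FileNotFoundError:
                return "refused"
            if (now.st_dev, now.st_ino) != (checked.st_dev, checked.st_ino):
                return "refused"  # the name no longer refers to what was scanned
            # unlinkat() removes the entry in the pinned directory and never
            # follows a link, so a late swap cannot redirect the delete.
            os.unlink(name, dir_fd=dfd)
            return "removed"
        finally:
            os.close(fd)
    finally:
        os.close(dfd)
```
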
Date of Publication: May 23rd, 2022
Remediation:
Quick Heal Total Security users are recommended to upgrade to v12.1.1.27 and above.
Vulnerability Reporter: Sandeep Kumar Singh