
CVE-2022-31466: Quick Heal Total Security before 12.1.1.27 has a TOCTOU race condition that leads to privilege escalation

Description:
CVE-2022-31466: Quick Heal Total Security before 12.1.1.27 has a TOCTOU race condition that leads to privilege escalation.

Details:
A privilege escalation vulnerability was reported in Quick Heal Total Security versions prior to 12.1.1.27 that could allow an adversary to bypass Quick Heal’s self-protection. The product may follow a symlink that was created after a malware check.

CVSS Score: 7.9 High
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H/E:P/RL:U/RC:R

Security Impact:
Could potentially be abused to delete an arbitrary file on the system protected by self-protection.

Technical Root Cause of the vulnerability
1. Essentially a Time of Check, Time of Use (TOCTOU) issue: the malware is detected first, but by the time the delete/quarantine action is performed the file has been changed to a symlink.
2. Failure to detect a symlink, and blindly following the symlink path to perform high-privilege actions.
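
The two root causes above map to two checks at the time of use: refuse symlinks, and confirm the object is still the one that was scanned. The sketch below is an added example, not Quick Heal's code; it is a POSIX analogue in Python, and the names `scan`, `safe_delete` and `UnsafeTarget` are hypothetical.

```python
import os
import stat

class UnsafeTarget(Exception):
    """The path no longer refers to the object that was scanned."""

def scan(path):
    """Time of check: open without following a symlink, record file identity."""
    # O_NOFOLLOW makes open() fail if the final path component is a symlink.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise UnsafeTarget("not a regular file")
        # A real scanner would read and inspect the content through fd here.
        return (st.st_dev, st.st_ino)
    finally:
        os.close(fd)

def safe_delete(path, identity):
    """Time of use: delete only if the name still refers to the scanned file."""
    parent, name = os.path.split(os.path.abspath(path))
    # Pin the parent directory so the check and the unlink use the same one.
    # Note: O_NOFOLLOW only guards the last component of the parent path.
    dir_fd = os.open(parent, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    try:
        st = os.stat(name, dir_fd=dir_fd, follow_symlinks=False)
        if stat.S_ISLNK(st.st_mode):
            raise UnsafeTarget("target was replaced by a symlink")
        if (st.st_dev, st.st_ino) != identity:
            raise UnsafeTarget("target changed after the scan")
        # unlink() removes the directory entry itself and never follows a
        # symlink in the final component, so a late swap cannot redirect it.
        os.unlink(name, dir_fd=dir_fd)
    finally:
        os.close(dir_fd)
```

A privileged service would additionally perform the action with the least privilege needed for the directory being cleaned, so that a missed check cannot reach protected files.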

Date of Publication: May 23rd, 2022

Remediation:
Quick Heal Total Security users are recommended to upgrade to v12.1.1.27 and above. 

Vulnerability Reporter: Sandeep Kumar Singh

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-31466
