CVE-2024-22014

Exploit

EPSS 0.4%
Veröffentlicht 15.04.2024 18:15:10
Zuletzt bearbeitet 30.06.2025 14:26:28
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue discovered in 360 Total Security Antivirus through 11.0.0.1061 for Windows allows attackers to gain escalated privileges via Symbolic Link Follow to Arbitrary File Delete.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

360totalsecurity ≫ 360 Total Security Version <= 11.0.0.1061

Microsoft ≫ Windows Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.4%	0.597

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-61 UNIX Symbolic Link (Symlink) Following

The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.

https://github.com/mansk1es/CVE_360TS

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2024-22014

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-22014

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-22014

EUVD