CVE-2024-22014

Published: Apr 15, 2024Modified: Jun 17, 2026

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An issue discovered in 360 Total Security Antivirus through 11.0.0.1061 for Windows allows attackers to gain escalated privileges via Symbolic Link Follow to Arbitrary File Delete.

Affected (1)

Products: 360totalsecurity: 360 Total Security

360totalsecurity

1 product

360 Total Security

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
360totalsecurity 360 Total Security	Up to 11.0.0.1061

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

CWE-61

UNIX Symbolic Link (Symlink) Following

The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.

References (2)

https://github.com/mansk1es/CVE_360TS

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/mansk1es/CVE_360TS

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.