PT-2019-15547 · Total Defense · Total Defense Anti-Virus

Ntraiseharderror

Published

2019-10-30

Updated

2019-11-01

CVE-2019-18644

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Total Defense Anti-virus version 11.5.2.28

Description The issue concerns a TOCTOU bug in the malware scan function, which can be exploited through symbolic link attacks to delete privileged files.

Recommendations For Total Defense Anti-virus version 11.5.2.28, consider disabling the malware scan function until a patch is available to prevent potential exploitation.

Exploit

Fix

Time Of Check To Time Of Use

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-367

Related Identifiers

CVE-2019-18644

Affected Products

Total Defense Anti-Virus

PT-2019-15547 · Total Defense · Total Defense Anti-Virus

CVE-2019-18644

Weakness Enumeration

Related Identifiers

Affected Products

References · 3