CVE-2024-22014
📋 TL;DR
This vulnerability in 360 Total Security Antivirus allows attackers to escalate privileges by exploiting symbolic link following to delete arbitrary files. Attackers can leverage this to gain SYSTEM-level access on Windows systems. Only users running the vulnerable antivirus software on Windows are affected.
💻 Affected Systems
- 360 Total Security Antivirus
📦 What is this software?
360 Total Security by 360totalsecurity
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with SYSTEM privileges, enabling complete control over the Windows system, data destruction, and persistence establishment.
Likely Case
Local privilege escalation allowing attackers to bypass security controls, delete critical system files, and install malware or backdoors.
If Mitigated
Limited impact if proper access controls and monitoring are in place, though file deletion could still cause service disruption.
🎯 Exploit Status
Proof of concept code is publicly available on GitHub. Exploitation requires local access to the system but is relatively straightforward.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Versions after 11.0.0.1061
Vendor Advisory: Not publicly available from vendor
Restart Required: Yes
Instructions:
1. Open 360 Total Security.
2. Check for updates in settings.
3. Install any available updates.
4. Restart the computer to ensure the patch is fully applied.
🔧 Temporary Workarounds
Disable 360 Total Security Service
Windows: temporarily disable the antivirus service to prevent exploitation
sc stop 360TotalSecurity
sc config 360TotalSecurity start= disabled
Remove Symbolic Link Privileges
Windows: restrict symbolic link creation to administrative users
secedit /export /cfg secpol.cfg
Edit secpol.cfg so that the 'Create symbolic links' user right (SeCreateSymbolicLinkPrivilege under [Privilege Rights]) is granted to Administrators only
secedit /configure /db secpol.sdb /cfg secpol.cfg
🧯 If You Can't Patch
- Uninstall 360 Total Security and replace with alternative antivirus solution
- Implement strict access controls and monitor for suspicious file deletion activities
🔍 How to Verify
Check if Vulnerable:
Check 360 Total Security version in the application interface or via 'wmic product get name,version' command
Check Version:
wmic product where "name like '%360 Total Security%'" get version
Verify Fix Applied:
Verify version is greater than 11.0.0.1061 and test symbolic link creation/deletion scenarios
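The version check above is easy to get wrong by hand (a string comparison would rank 11.0.0.999 above 11.0.0.1061). The following script is an added example, not part of the advisory: it parses the text that the wmic command prints, compares the installed build component by component against 11.0.0.1061, and reports whether the host is still on a vulnerable build. The sample wmic output is constructed for the example.

```python
# Added example (not from the advisory): decide whether a 360 Total Security
# install is at or below the last vulnerable build, 11.0.0.1061, by parsing the
# text printed by:
#   wmic product where "name like '%360 Total Security%'" get version
# The sample output below is constructed for this example.

LAST_VULNERABLE = (11, 0, 0, 1061)


def parse_version(text):
    """Turn '11.0.0.1061' into (11, 0, 0, 1061); raise on malformed input."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def versions_from_wmic(output):
    """Extract version tuples from wmic 'get version' output.

    wmic prints a 'Version' header line, then one line per matching product,
    using CRLF line endings and trailing spaces; blank lines are skipped.
    """
    versions = []
    for line in output.splitlines():
        line = line.strip()
        if not line or line.lower() == "version":
            continue
        versions.append(parse_version(line))
    return versions


def is_vulnerable(version, last_vulnerable=LAST_VULNERABLE):
    """True when version <= 11.0.0.1061.

    Tuples compare component-wise, so (11, 0, 0, 999) < (11, 0, 0, 1061)
    even though '999' > '1061' as strings. Shorter tuples are padded with
    zeros so that 11.0 compares as 11.0.0.0.
    """
    width = max(len(version), len(last_vulnerable))
    v = version + (0,) * (width - len(version))
    lv = last_vulnerable + (0,) * (width - len(last_vulnerable))
    return v <= lv


def assess(output):
    """Return 'vulnerable', 'patched' or 'not installed' for a wmic output string."""
    versions = versions_from_wmic(output)
    if not versions:
        return "not installed"
    # If several matching products are present, the oldest one decides.
    return "vulnerable" if any(is_vulnerable(v) for v in versions) else "patched"


# Constructed sample of what wmic prints on a host still running the last
# vulnerable build (header, value line, trailing blank line, CRLF endings).
SAMPLE_WMIC_OUTPUT = "Version      \r\n11.0.0.1061  \r\n\r\n"

if __name__ == "__main__":
    print(assess(SAMPLE_WMIC_OUTPUT))
```

Feed the script the saved output of the wmic command (for example, redirect it to a file on the host and read that file). Note that wmic is deprecated in current Windows 10 and Windows 11 releases; where it is unavailable, `Get-CimInstance -ClassName Win32_Product` in PowerShell returns the same Name and Version properties, and only the parsing function above needs adjusting.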
📡 Detection & Monitoring
Log Indicators:
- Unexpected file deletion events in Windows Security logs
- Antivirus service restart events
- Symbolic link creation by non-admin users
Network Indicators:
- None - this is a local privilege escalation vulnerability
SIEM Query:
EventID=4663 AND ObjectName LIKE '%\360TotalSecurity%' AND AccessMask=0x10000
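To show what the SIEM query above actually selects, here is an added example (not part of the advisory) that applies the same three conditions to Security-log events that a log shipper or EVTX export has already turned into dictionaries. AccessMask 0x10000 is the standard DELETE access right; the example goes slightly beyond the literal query by testing that bit rather than requiring exact equality, so that a request combining DELETE with other rights is not missed. The events, paths and user names in the sample are constructed.

```python
# Added example (not from the advisory): evaluate the detection rule
#   EventID=4663 AND ObjectName LIKE '%\360TotalSecurity%' AND AccessMask=0x10000
# over Windows Security events represented as dicts. AccessMask 0x10000 is
# the DELETE access right. The equality in the query is generalised here to a
# bit test, so masks such as 0x10080 (DELETE | ReadAttributes) also match.
# All sample events below are constructed for this example.

DELETE = 0x10000
PATH_MARKER = "\\360TotalSecurity"   # the LIKE '%\360TotalSecurity%' pattern


def access_mask(value):
    """AccessMask arrives as '0x10000', '65536' or an int depending on the exporter."""
    if isinstance(value, int):
        return value
    return int(str(value).strip(), 0)   # base 0 accepts both '0x...' and decimal


def matches_query(event):
    """Return True when the event satisfies all three conditions of the rule."""
    try:
        if int(event.get("EventID", -1)) != 4663:
            return False
        if PATH_MARKER not in str(event.get("ObjectName", "")):
            return False
        return access_mask(event.get("AccessMask", 0)) & DELETE == DELETE
    except ValueError:
        # A malformed field is a data-quality problem, not a reason to crash the pipeline.
        return False


def find_hits(events):
    """Filter a stream of events and return the ones the rule selects."""
    return [e for e in events if matches_query(e)]


# Constructed sample events (user names, SIDs and paths are made up).
SAMPLE_EVENTS = [
    {"EventID": 4663, "SubjectUserName": "alice",
     "ObjectName": r"C:\ProgramData\360TotalSecurity\cache\tmp001.dat",
     "AccessMask": "0x10000"},                       # delete request: hit
    {"EventID": 4663, "SubjectUserName": "alice",
     "ObjectName": r"C:\ProgramData\360TotalSecurity\cache\tmp001.dat",
     "AccessMask": "0x80"},                          # ReadAttributes only: no hit
    {"EventID": 4656, "SubjectUserName": "alice",
     "ObjectName": r"C:\ProgramData\360TotalSecurity\cache\tmp001.dat",
     "AccessMask": "0x10000"},                       # handle request, not 4663: no hit
    {"EventID": 4663, "SubjectUserName": "bob",
     "ObjectName": r"C:\Users\bob\Documents\notes.txt",
     "AccessMask": "0x10000"},                       # unrelated path: no hit
    {"EventID": "4663", "SubjectUserName": "carol",
     "ObjectName": r"C:\ProgramData\360TotalSecurity\log\old.log",
     "AccessMask": 65536},                           # decimal mask from another exporter: hit
    {"EventID": 4663, "SubjectUserName": "dave",
     "ObjectName": r"C:\ProgramData\360TotalSecurity\quarantine\q1.bin",
     "AccessMask": "0x10080"},                       # DELETE combined with other rights: hit
]

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_EVENTS):
        print(hit["SubjectUserName"], hit["ObjectName"], hit["AccessMask"])
```

Event 4663 is only written when object access auditing is enabled and the files in question carry a SACL that audits delete access, so confirm that audit policy is in place before relying on this rule. To reduce noise, pair the hit list with the "Symbolic link creation by non-admin users" indicator from the same section and review which account performed the deletion.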