Kaspersky VPN Secure Connection for Windows version up to 21.5 was vulnerable to arbitrary file deletion via abuse of its 'Delete All Service Data And Reports' feature by the local authenticated attacker.
References
Link | Resource |
---|---|
https://forum.kaspersky.com/topic/kaspersky-statement-on-cve-2022-27535-26742/ | Vendor Advisory |
https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822 | Vendor Advisory |
https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
15 Aug 2022, 23:05
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
CWE | NVD-CWE-noinfo | |
CPE | cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* cpe:2.3:a:kaspersky:vpn_secure_connection:*:*:*:*:*:*:*:* |
|
References | (MISC) https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/ - Third Party Advisory | |
References | (MISC) https://forum.kaspersky.com/topic/kaspersky-statement-on-cve-2022-27535-26742/ - Vendor Advisory | |
References | (MISC) https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822 - Vendor Advisory |
10 Aug 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
05 Aug 2022, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-08-05 17:15
Updated : 2024-02-04 22:51
NVD link : CVE-2022-27535
Mitre link : CVE-2022-27535
CVE.ORG link : CVE-2022-27535
JSON object : View
Products Affected
kaspersky
- vpn_secure_connection
microsoft
- windows
CWE