Lucene search

[email protected]CVE-2019-8286

HistoryJul 18, 2019 - 7:15 p.m.

CVE-2019-8286

2019-07-1819:15:11

CWE-200

[email protected]

web.nvd.nist.gov

cve-2019-8286

information disclosure

kaspersky anti-virus

kaspersky internet security

kaspersky total security

cvss v3.0

vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

4.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.4%

JSON

Information Disclosure in Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security versions up to 2019 could potentially disclose unique Product ID by forcing victim to visit a specially crafted webpage (for example, via clicking phishing link). Vulnerability has CVSS v3.0 base score 2.6

Affected configurations

NVD

Node

kasperskyanti-virusRange≤2019

kasperskyfree_anti-virusRange≤2019

kasperskyinternet_securityRange≤2019

kasperskysmall_office_securityRange≤6.0

kasperskytotal_securityRange≤2019

CPENameOperatorVersion
kaspersky:anti-viruskaspersky anti-virusle2019
kaspersky:free_anti-viruskaspersky free anti-virusle2019
kaspersky:internet_securitykaspersky internet securityle2019
kaspersky:small_office_securitykaspersky small office securityle6.0
kaspersky:total_securitykaspersky total securityle2019

CPE	Name	Operator	Version
kaspersky:anti-virus	kaspersky anti-virus	le	2019
kaspersky:free_anti-virus	kaspersky free anti-virus	le	2019
kaspersky:internet_security	kaspersky internet security	le	2019
kaspersky:small_office_security	kaspersky small office security	le	6.0
kaspersky:total_security	kaspersky total security	le	2019

CNA Affected

[
  {
    "product": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security",
    "vendor": "Kaspersky",
    "versions": [
      {
        "status": "affected",
        "version": "up to 2019"
      }
    ]
  }
]

References

www.securityfocus.com/bid/109300

support.kaspersky.com/general/vulnerability.aspx?el=12430#110719

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

4.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.4%

JSON

Related for CVE-2019-8286

prion1 thn1 nvd1 cvelist1