CVE-2022-27534
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
71.0%
Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security with antivirus databases released before 12 March 2022 had a bug in a data parsing module that potentially allowed an attacker to execute arbitrary code. The fix was delivered automatically. Credits: Georgy Zaytsev (Positive Technologies).
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| kaspersky | anti-virus | * | cpe:2.3:a:kaspersky:anti-virus:*:*:*:*:*:*:*:* |
| kaspersky | endpoint_security | * | cpe:2.3:a:kaspersky:endpoint_security:*:*:*:*:*:*:*:* |
| kaspersky | internet_security | * | cpe:2.3:a:kaspersky:internet_security:*:*:*:*:*:*:*:* |
| kaspersky | security_cloud | * | cpe:2.3:a:kaspersky:security_cloud:*:*:*:*:*:*:*:* |
| kaspersky | small_office_security | * | cpe:2.3:a:kaspersky:small_office_security:*:*:*:*:*:*:*:* |
| kaspersky | total_security | * | cpe:2.3:a:kaspersky:total_security:*:*:*:*:*:*:*:* |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
71.0%