Lucene search

[email protected]NVD:CVE-2022-27535

HistoryAug 05, 2022 - 5:15 p.m.

CVE-2022-27535

2022-08-0517:15:08

[email protected]

web.nvd.nist.gov

kaspersky

vpn

windows

arbitrary file deletion

local attacker

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

Kaspersky VPN Secure Connection for Windows version up to 21.5 was vulnerable to arbitrary file deletion via abuse of its ‘Delete All Service Data And Reports’ feature by the local authenticated attacker.

Affected configurations

Nvd

Node

kasperskyvpn_secure_connectionRange<21.6

AND

microsoftwindowsMatch-

VendorProductVersionCPE
kasperskyvpn_secure_connection*cpe:2.3:a:kaspersky:vpn_secure_connection:*:*:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
kaspersky	vpn_secure_connection	*	cpe:2.3:a:kaspersky:vpn_secure_connection::::::::
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*

References

forum.kaspersky.com/topic/kaspersky-statement-on-cve-2022-27535-26742/

support.kaspersky.com/general/vulnerability.aspx?el=12430#050822

www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2022-27535

prion1 cvelist1 cve1