Kaspersky VPN Secure Connection for Windows version up to 21.5 was vulnerable to arbitrary file deletion via abuse of its 'Delete All Service Data And Reports' feature by the local authenticated attacker.
References
Link | Resource |
---|---|
https://forum.kaspersky.com/topic/kaspersky-statement-on-cve-2022-27535-26742/ | Vendor Advisory |
https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822 | Vendor Advisory |
https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
15 Aug 2022, 23:05
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-noinfo | |
CPE | cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* cpe:2.3:a:kaspersky:vpn_secure_connection:*:*:*:*:*:*:*:* |
|
References | (MISC) https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822 - Vendor Advisory | |
References | (MISC) https://forum.kaspersky.com/topic/kaspersky-statement-on-cve-2022-27535-26742/ - Vendor Advisory | |
References | (MISC) https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/ - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
First Time |
Microsoft
Microsoft windows Kaspersky vpn Secure Connection Kaspersky |
10 Aug 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
05 Aug 2022, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-08-05 17:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-27535
Mitre link : CVE-2022-27535
CVE.ORG link : CVE-2022-27535
JSON object : View
Products Affected
microsoft
- windows
kaspersky
- vpn_secure_connection
CWE