← Volver a CVEs
CVE-2022-27535
HIGH7.8
Descripcion
Kaspersky VPN Secure Connection for Windows version up to 21.5 was vulnerable to arbitrary file deletion via abuse of its 'Delete All Service Data And Reports' feature by the local authenticated attacker.
Detalles CVE
Puntuacion CVSS v3.17.8
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueLOCAL
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado8/5/2022
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
kaspersky:vpn_secure_connectionmicrosoft:windows
Referencias
https://forum.kaspersky.com/topic/kaspersky-statement-on-cve-2022-27535-26742/(vulnerability@kaspersky.com)
https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822(vulnerability@kaspersky.com)
https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/(vulnerability@kaspersky.com)
https://forum.kaspersky.com/topic/kaspersky-statement-on-cve-2022-27535-26742/(af854a3a-2127-422b-91ae-364da2661108)
https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822(af854a3a-2127-422b-91ae-364da2661108)
https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.