CVE-2022-27535
Summary
| CVE | CVE-2022-27535 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-08-05 17:15:00 UTC |
| Updated | 2022-08-15 23:05:00 UTC |
| Description | Kaspersky VPN Secure Connection for Windows version up to 21.5 was vulnerable to arbitrary file deletion via abuse of its 'Delete All Service Data And Reports' feature by the local authenticated attacker. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Kaspersky | Vpn Secure Connection | All | All | All | All |
| Operating System | Microsoft | Windows | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Kaspersky statement on CVE-2022-27535 - Kaspersky VPN Secure Connection - Kaspersky Support Forum | MISC | forum.kaspersky.com | |
| List of Advisories | MISC | support.kaspersky.com | |
| CyRC Vulnerability Advisory: Local privilege escalation in Kaspersky VPN | Synopsys | MISC | www.synopsys.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.