{"api_version":"1","generated_at":"2026-04-23T04:11:51+00:00","cve":"CVE-2022-27535","urls":{"html":"https://cve.report/CVE-2022-27535","api":"https://cve.report/api/cve/CVE-2022-27535.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-27535","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-27535"},"summary":{"title":"CVE-2022-27535","description":"Kaspersky VPN Secure Connection for Windows version up to 21.5 was vulnerable to arbitrary file deletion via abuse of its 'Delete All Service Data And Reports' feature by the local authenticated attacker.","state":"PUBLIC","assigner":"vulnerability@kaspersky.com","published_at":"2022-08-05 17:15:00","updated_at":"2022-08-15 23:05:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://forum.kaspersky.com/topic/kaspersky-statement-on-cve-2022-27535-26742/","name":"https://forum.kaspersky.com/topic/kaspersky-statement-on-cve-2022-27535-26742/","refsource":"MISC","tags":[],"title":"Kaspersky statement on CVE-2022-27535 - Kaspersky VPN Secure Connection - Kaspersky Support Forum","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822","name":"https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822","refsource":"MISC","tags":[],"title":"List of Advisories","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/","name":"https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/","refsource":"MISC","tags":[],"title":"CyRC Vulnerability Advisory: Local privilege escalation in Kaspersky VPN | Synopsys","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-27535","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-27535","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"27535","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"kaspersky","cpe5":"vpn_secure_connection","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"27535","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2022-27535","ASSIGNER":"vulnerability@kaspersky.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"Kaspersky VPN Secure Connection for Windows","version":{"version_data":[{"version_value":"prior to 21.6"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Local Privilege Escalation (LPE)"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822","url":"https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822"},{"refsource":"MISC","name":"https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/","url":"https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/"},{"refsource":"MISC","name":"https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822","url":"https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822"},{"refsource":"MISC","name":"https://forum.kaspersky.com/topic/kaspersky-statement-on-cve-2022-27535-26742/","url":"https://forum.kaspersky.com/topic/kaspersky-statement-on-cve-2022-27535-26742/"}]},"description":{"description_data":[{"lang":"eng","value":"Kaspersky VPN Secure Connection for Windows version up to 21.5 was vulnerable to arbitrary file deletion via abuse of its 'Delete All Service Data And Reports' feature by the local authenticated attacker."}]}},"nvd":{"publishedDate":"2022-08-05 17:15:00","lastModifiedDate":"2022-08-15 23:05:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:kaspersky:vpn_secure_connection:*:*:*:*:*:*:*:*","versionEndExcluding":"21.6","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":null,"notes":[]}}}