Information Disclosure Vulnerability in Kaspersky Anti-Virus and Related Products
CVE-2019-15687

6.5MEDIUM

Key Information:

Vendor: Kaspersky
Status: Kaspersky Anti-virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-virus, Kaspersky Small Office Security, Kaspersky Security Cloud
Vendor: CVE Published:; 26 November 2019

Summary

Certain Kaspersky products, including Kaspersky Anti-Virus, Internet Security, Total Security, Free Anti-Virus, Small Office Security, and Security Cloud up to the year 2020, exhibit a vulnerability in their web protection component. This vulnerability allows for remote disclosure of sensitive information regarding the user's system, such as the Windows version, the specific product version, and a unique host identifier. Attackers could exploit this weakness to gain insights into the system's configuration and potentially target the users.

Affected Version(s)

Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020

References

https://support.kaspersky.com/general/vulnerability.aspx?...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 26, 2019
Vulnerability Reserved
Aug 27, 2019