Web Protection Bypass in Kaspersky Products
CVE-2019-15688

6.1MEDIUM

Key Information:

Vendor: Kaspersky
Status: Kaspersky Anti-virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-virus, Kaspersky Small Office Security, Kaspersky Security Cloud
Vendor: CVE Published:; 26 November 2019

Summary

The web protection component in various Kaspersky products fails to adequately alert users regarding the risks associated with redirecting to potentially harmful sites. This weakness could allow attackers to bypass security measures, exposing users to untrusted domains without proper warnings, thus compromising the integrity of the users' browsing experience.

Affected Version(s)

Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020

References

https://support.kaspersky.com/general/vulnerability.aspx?...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 26, 2019
Vulnerability Reserved
Aug 27, 2019