DLL Hijacking Vulnerability in Kaspersky Security Center and Web Console
CVE-2020-25045

7.8HIGH

Key Information:

Vendor: Kaspersky
Status: Kaspersky Security Center & Kaspersky Security Center Web Console
Vendor: CVE Published:; 2 September 2020

Summary

Kaspersky Security Center and its Web Console faced a critical issue where attackers could exploit a DLL hijacking flaw. This vulnerability permitted unauthorized elevation of privileges, allowing potential attackers to gain higher access within the system. It is essential for users of affected versions to apply security patches promptly to mitigate the risk of exploitation.

Affected Version(s)

Kaspersky Security Center & Kaspersky Security Center Web Console prior to 12 & prior to 12 Patch A

References

https://support.kaspersky.com/general/vulnerability.aspx?...

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 2, 2020
Vulnerability Reserved
Aug 31, 2020