Arbitrary File Deletion Vulnerability in Kaspersky VPN Secure Connection for Windows
CVE-2022-27535

7.8HIGH

Key Information:

Vendor
Kaspersky
Status
Kaspersky Vpn Secure Connection For Windows
Vendor
CVE Published:
5 August 2022

Summary

Kaspersky VPN Secure Connection for Windows (versions up to 21.5) contains a vulnerability that allows local authenticated attackers to exploit the 'Delete All Service Data And Reports' feature. This could lead to arbitrary file deletion, enabling unauthorized access or modification of sensitive data, thereby compromising system integrity and security. Users of the affected versions are advised to update to the latest version to mitigate this risk.

Affected Version(s)

Kaspersky VPN Secure Connection for Windows prior to 21.6

References

https://support.kaspersky.com/general/vulnerability.aspx?...
x_refsource_MISC
https://www.synopsys.com/blogs/software-security/cyrc-adv...
x_refsource_MISC
https://forum.kaspersky.com/topic/kaspersky-statement-on-...
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.