CVE-2022-27535
N/A
N/A
Summary
Kaspersky VPN Secure Connection for Windows version up to 21.5 was vulnerable to arbitrary file deletion via abuse of its 'Delete All Service Data And Reports' feature by the local authenticated attacker.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | Kaspersky VPN Secure Connection for Windows | prior to 21.6 | affected |
Weaknesses
- Local Privilege Escalation (LPE)
ADP Enrichment
CVE Program Container
Additional References
- https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822
- https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/
- https://forum.kaspersky.com/topic/kaspersky-statement-on-cve-2022-27535-26742/
References
- https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822
- https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/
- https://forum.kaspersky.com/topic/kaspersky-statement-on-cve-2022-27535-26742/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.