CVE-2022-27535

high

Description

Kaspersky VPN Secure Connection for Windows version up to 21.5 was vulnerable to arbitrary file deletion via abuse of its 'Delete All Service Data And Reports' feature by the local authenticated attacker.

References

https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/

https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822

https://forum.kaspersky.com/topic/kaspersky-statement-on-cve-2022-27535-26742/

Details

Source: Mitre, NVD

Published: 2022-08-05

Updated: 2022-08-15

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00279

Detections

Analytics