Kaspersky Internet Security Heartbeat Information Disclosure (Heartbleed)

This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.


Synopsis :

The remote host has software installed that is affected by an
information disclosure vulnerability.

Description :

The remote host has a version of Kaspersky Internet Security (KIS)
installed that is missing a vendor patch. It is, therefore, affected
by an information disclosure vulnerability.

An out-of-bounds read error, known as the 'Heartbleed Bug', exists in
the handling of TLS heartbeat extensions. It could allow an attacker
to obtain sensitive information such as primary key material,
secondary key material, and other protected content.

See also :

http://support.kaspersky.com/10235#block1
http://support.kaspersky.com/us/8049#patches
http://www.heartbleed.com
https://eprint.iacr.org/2014/140
https://www.openssl.org/news/vulnerabilities.html#2014-0160
https://www.openssl.org/news/secadv/20140407.txt

Solution :

Upgrade to Kaspersky Internet Security 13.0.1.4190 Patch K /
14.0.0.4651 Patch G or later.

In the case of other versions, please contact the vendor for guidance.

Risk factor :

High / CVSS Base Score : 9.4
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N)
CVSS Temporal Score : 7.4
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 77437

Bugtraq ID: 66690

CVE ID: CVE-2014-0160
