Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-15689

Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud prior to version 2020 patch E have bug that allows a local user to execute arbitrary code via execution compromised file placed by an attacker with administrator rights. No privilege escalation. Possible whitelisting bypass some of the security products

Published

2019-12-02T21:15:16.733

Last Modified

2024-11-21T04:29:15.947

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.7 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

3.9

Impact Score

6.4

Weaknesses
  • Type: Primary
    CWE-668
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application kaspersky kaspersky_internet_security 2019 Yes
Application kaspersky kaspersky_internet_security 2019 Yes
Application kaspersky kaspersky_internet_security 2019 Yes
Application kaspersky kaspersky_internet_security 2019 Yes
Application kaspersky secure_connection 3.0 Yes
Application kaspersky secure_connection 4.0 Yes
Application kaspersky security_cloud 2019 Yes
Application kaspersky security_cloud 2019 Yes
Application kaspersky security_cloud 2019 Yes
Application kaspersky security_cloud 2020 Yes
Application kaspersky total_security 2019 Yes
Application kaspersky total_security 2019 Yes
Application kaspersky total_security 2019 Yes
Application kaspersky total_security 2019 Yes
Application kaspersky total_security 2020 Yes
References