Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-27535

Kaspersky VPN Secure Connection for Windows version up to 21.5 was vulnerable to arbitrary file deletion via abuse of its 'Delete All Service Data And Reports' feature by the local authenticated attacker.

Published

2022-08-05T17:15:08.403

Last Modified

2024-11-21T06:55:53.923

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	kaspersky	vpn_secure_connection	< 21.6	Yes
Operating System	microsoft	windows	-	No

References

https://forum.kaspersky.com/topic/kaspersky-statement-on-cve-2022-27535-26742/ Vendor Advisory ([email protected])
https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822 Vendor Advisory ([email protected])
https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/ Third Party Advisory ([email protected])
https://forum.kaspersky.com/topic/kaspersky-statement-on-cve-2022-27535-26742/ Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)