CVE-2022-27535

CVE Database · CVE-2022-27535

CVE-2022-27535

· HIGHModified

CVSS v3.1

7.8

EPSS

0.31%

Published

Aug 5, 2022

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Kaspersky VPN Secure Connection for Windows version up to 21.5 was vulnerable to arbitrary file deletion via abuse of its 'Delete All Service Data And Reports' feature by the local authenticated attacker.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products (2)

kaspersky · vpn_secure_connection (up to 21.6)vulnerable

microsoft · windows

References (6)

https://forum.kaspersky.com/topic/kaspersky-statement-on-cve-2022-27535-26742/

Vendor Advisory

https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822

Vendor Advisory

https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/

Third Party Advisory

https://forum.kaspersky.com/topic/kaspersky-statement-on-cve-2022-27535-26742/

Vendor Advisory

https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822

Vendor Advisory

https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/

Third Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs