← Back

CVE-2019-15689

nvd nist
Published: Dec 2, 2019Modified: Nov 21, 2024

JSON object

Loading...
6.7
Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.8 / Impact: 5.9
Source: NVD

Description

Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud prior to version 2020 patch E have bug that allows a local user to execute arbitrary code via execution compromised file placed by an attacker with administrator rights. No privilege escalation. Possible whitelisting bypass some of the security products

Affected (15)

Kaspersky
4 products
Kaspersky Internet Security
Secure Connection
Security Cloud
Total Security
Configuration A
15 vulnerable
Vulnerable SoftwareAffected Versions
Kaspersky
Kaspersky Internet Security
Version 2019
Kaspersky Internet Security
Version 2019 patch_f
Kaspersky Internet Security
Version 2019 patch_i
Kaspersky Internet Security
Version 2019 patch_j
Kaspersky
Secure Connection
Version 3.0
Secure Connection
Version 4.0
Kaspersky
Security Cloud
Version 2019
Security Cloud
Version 2019 patch_i
Security Cloud
Version 2019 patch_j
Security Cloud
Version 2020
Kaspersky
Total Security
Version 2019
Total Security
Version 2019 patch_f
Total Security
Version 2019 patch_i
Total Security
Version 2019 patch_j
Total Security
Version 2020

Related CWEs

CWE-668
Exposure of Resource to Wrong Sphere
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

References (4)

Source: vulnerability@kaspersky.com
Broken Link
Source: nvd@nist.gov
ExploitThird Party Advisory
Source: nvd@nist.gov
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link

Timeline

No history available yet.