CVE-2022-27535

Published: Aug 5, 2022Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Kaspersky VPN Secure Connection for Windows version up to 21.5 was vulnerable to arbitrary file deletion via abuse of its 'Delete All Service Data And Reports' feature by the local authenticated attacker.

Affected (1)

Products: Kaspersky: Vpn Secure Connection

Kaspersky

1 product

Vpn Secure Connection

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Kaspersky Vpn Secure Connection	Before 21.6

Running on/with	Platform Versions
Microsoft Windows	All versions

References (6)

https://forum.kaspersky.com/topic/kaspersky-statement-on-cve-2022-27535-26742/

Source: vulnerability@kaspersky.com

Vendor Advisory

https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822

Source: vulnerability@kaspersky.com

Vendor Advisory

https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/

Source: vulnerability@kaspersky.com

Third Party Advisory

https://forum.kaspersky.com/topic/kaspersky-statement-on-cve-2022-27535-26742/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.