CVE-2019-15689 — MEDIUM (6.7)

Vulnerability Description

Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud prior to version 2020 patch E have bug that allows a local user to execute arbitrary code via execution compromised file placed by an attacker with administrator rights. No privilege escalation. Possible whitelisting bypass some of the security products

CVSS Score

6.7

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Kaspersky	Kaspersky Internet Security	2019
Kaspersky	Secure Connection	3.0
Kaspersky	Security Cloud	2019
Kaspersky	Total Security	2019

Related Weaknesses (CWE)

CWE-668

References

https://support.kaspersky.com/general/vulnerability.aspx?el=12430#021219Broken Link
https://safebreach.com/Post/Kaspersky-Secure-Connection-DLL-Preloading-and-PotenExploitThird Party Advisory
https://www.symantec.com/security-center/vulnerabilities/writeup/111033Third Party Advisory
https://support.kaspersky.com/general/vulnerability.aspx?el=12430#021219Broken Link

FAQ

What is CVE-2019-15689?

CVE-2019-15689 is a vulnerability with a CVSS score of 6.7 (MEDIUM). Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud prior to version 2020 patch E have bug that allows a local user to execute arbitrary code v...

How severe is CVE-2019-15689?

CVE-2019-15689 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-15689?

Check the references section above for vendor advisories and patch information. Affected products include: Kaspersky Kaspersky Internet Security, Kaspersky Secure Connection, Kaspersky Security Cloud, Kaspersky Total Security.