Vulnerability Description
Kaspersky VPN Secure Connection for Windows version up to 21.5 was vulnerable to arbitrary file deletion via abuse of its 'Delete All Service Data And Reports' feature by the local authenticated attacker.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kaspersky | Vpn Secure Connection | < 21.6 |
| Microsoft | Windows | - |
References
- https://forum.kaspersky.com/topic/kaspersky-statement-on-cve-2022-27535-26742/Vendor Advisory
- https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822Vendor Advisory
- https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-micThird Party Advisory
- https://forum.kaspersky.com/topic/kaspersky-statement-on-cve-2022-27535-26742/Vendor Advisory
- https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822Vendor Advisory
- https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-micThird Party Advisory
FAQ
What is CVE-2022-27535?
CVE-2022-27535 is a vulnerability with a CVSS score of 7.8 (HIGH). Kaspersky VPN Secure Connection for Windows version up to 21.5 was vulnerable to arbitrary file deletion via abuse of its 'Delete All Service Data And Reports' feature by the local authenticated attac...
How severe is CVE-2022-27535?
CVE-2022-27535 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-27535?
Check the references section above for vendor advisories and patch information. Affected products include: Kaspersky Vpn Secure Connection, Microsoft Windows.