CVE-2021-27223 - OpenCVE

A denial-of-service issue existed in one of modules that was incorporated in Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security. A local user could cause Windows crash by running a specially crafted binary module. The fix was delivered automatically. Credits: (Straghkov Denis, Kurmangaleev Shamil, Fedotov Andrey, Kuts Daniil, Mishechkin Maxim, Akolzin Vitaliy) @ ISPRAS

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:L/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Kaspersky	Total Security Internet Security Endpoint Security Security Cloud Anti-virus Small Office Security

Configuration 1 [-]

OR	cpe:2.3:a:kaspersky:anti-virus::::::::
	cpe:2.3:a:kaspersky:endpoint_security::::::::
	cpe:2.3:a:kaspersky:internet_security::::::::
	cpe:2.3:a:kaspersky:security_cloud::::::::
	cpe:2.3:a:kaspersky:small_office_security::::::::
	cpe:2.3:a:kaspersky:total_security::::::::

References

Link	Resource
https://support.kaspersky.com/general/vulnerability.aspx?el=12430#310322_1	Broken Link

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Kaspersky

Published: 2022-04-01T22:17:48

Updated: 2022-04-01T22:17:48

Reserved: 2021-02-15T00:00:00

Link: CVE-2021-27223

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-04-01T23:15:09.163

Modified: 2022-04-11T14:30:58.333

Link: CVE-2021-27223

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security", "vendor": "n/a", "versions": [{"status": "affected", "version": "with antivirus databases released before June 2021"}]}], "descriptions": [{"lang": "en", "value": "A denial-of-service issue existed in one of modules that was incorporated in Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security. A local user could cause Windows crash by running a specially crafted binary module. The fix was delivered automatically. Credits: (Straghkov Denis, Kurmangaleev Shamil, Fedotov Andrey, Kuts Daniil, Mishechkin Maxim, Akolzin Vitaliy) @ ISPRAS"}], "problemTypes": [{"descriptions": [{"description": "Denial-of-Service (DoS)", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-04-01T22:17:48", "orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988", "shortName": "Kaspersky"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#310322_1"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vulnerability@kaspersky.com", "ID": "CVE-2021-27223", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security", "version": {"version_data": [{"version_value": "with antivirus databases released before June 2021"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A denial-of-service issue existed in one of modules that was incorporated in Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security. A local user could cause Windows crash by running a specially crafted binary module. The fix was delivered automatically. Credits: (Straghkov Denis, Kurmangaleev Shamil, Fedotov Andrey, Kuts Daniil, Mishechkin Maxim, Akolzin Vitaliy) @ ISPRAS"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Denial-of-Service (DoS)"}]}]}, "references": {"reference_data": [{"name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#310322_1", "refsource": "MISC", "url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#310322_1"}]}}}}, "cveMetadata": {"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988", "assignerShortName": "Kaspersky", "cveId": "CVE-2021-27223", "datePublished": "2022-04-01T22:17:48", "dateReserved": "2021-02-15T00:00:00", "dateUpdated": "2022-04-01T22:17:48", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kaspersky:anti-virus:*:*:*:*:*:*:*:*", "matchCriteriaId": "E82B17A3-41AD-4249-9BA8-12876758C110", "versionEndExcluding": "2021-06", "vulnerable": true}, {"criteria": "cpe:2.3:a:kaspersky:endpoint_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F70BBDF-9AC9-4C15-97CC-F3E76F6B8677", "versionEndExcluding": "2021-06", "vulnerable": true}, {"criteria": "cpe:2.3:a:kaspersky:internet_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "9F359BF0-0E71-4BCA-B2AD-E6AC1448733F", "versionEndExcluding": "2021-06", "vulnerable": true}, {"criteria": "cpe:2.3:a:kaspersky:security_cloud:*:*:*:*:*:*:*:*", "matchCriteriaId": "1C16D752-1F39-41D2-A6C8-C910E1374C9D", "versionEndExcluding": "2021-06", "vulnerable": true}, {"criteria": "cpe:2.3:a:kaspersky:small_office_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "4D69EA2F-06FE-401F-A77E-74FFAD37D4F8", "versionEndExcluding": "2021-06", "vulnerable": true}, {"criteria": "cpe:2.3:a:kaspersky:total_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "E2C34230-04C2-474B-96F0-003783420C61", "versionEndExcluding": "2021-06", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A denial-of-service issue existed in one of modules that was incorporated in Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security. A local user could cause Windows crash by running a specially crafted binary module. The fix was delivered automatically. Credits: (Straghkov Denis, Kurmangaleev Shamil, Fedotov Andrey, Kuts Daniil, Mishechkin Maxim, Akolzin Vitaliy) @ ISPRAS"}, {"lang": "es", "value": "Se presentaba un problema de denegaci\u00f3n de servicio en uno de los m\u00f3dulos incorporados en los productos Kaspersky Anti-Virus for home y Kaspersky Endpoint Security. Un usuario local pod\u00eda causar el bloqueo de Windows al ejecutar un m\u00f3dulo binario especialmente dise\u00f1ado. La correcci\u00f3n fue realizada de forma autom\u00e1tica. Cr\u00e9ditos: (Straghkov Denis, Kurmangaleev Shamil, Fedotov Andrey, Kuts Daniil, Mishechkin Maxim, Akolzin Vitaliy) @ ISPRAS"}], "id": "CVE-2021-27223", "lastModified": "2022-04-11T14:30:58.333", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-04-01T23:15:09.163", "references": [{"source": "vulnerability@kaspersky.com", "tags": ["Broken Link"], "url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#310322_1"}], "sourceIdentifier": "vulnerability@kaspersky.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}