Kaspersky VPN Secure Connection for Windows version up to 21.5 was vulnerable to arbitrary file deletion via abuse of its 'Delete All Service Data And Reports' feature by the local authenticated attacker.
References
Link | Resource |
---|---|
https://forum.kaspersky.com/topic/kaspersky-statement-on-cve-2022-27535-26742/ | Vendor Advisory |
https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822 | Vendor Advisory |
https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/ | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Kaspersky
Published: 2022-08-05T16:47:46
Updated: 2022-08-09T19:55:41
Reserved: 2022-03-21T00:00:00
Link: CVE-2022-27535
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-08-05T17:15:08.403
Modified: 2022-08-15T23:05:57.977
Link: CVE-2022-27535
JSON object: View
Redhat Information
No data.
CWE