CVE-2022-27535 : Kaspersky VPN Secure Connection for Windows version up to 21.5 was vulnerable to

Kaspersky VPN Secure Connection for Windows version up to 21.5 was vulnerable to arbitrary file deletion via abuse of its 'Delete All Service Data And Reports' feature by the local authenticated attacker.

Published 2022-08-05 17:15:08

Updated 2022-08-15 23:05:58

Source Kaspersky Labs

View at NVD, CVE.org

Products affected by CVE-2022-27535

Kaspersky » Vpn Secure Connection
Versions before (<) 21.6
cpe:2.3:a:kaspersky:vpn_secure_connection:*:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2022-27535

EPSS FAQ

0.31%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 53 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-27535

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2022-27535

https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822

Vendor Advisory
https://forum.kaspersky.com/topic/kaspersky-statement-on-cve-2022-27535-26742/

Vendor Advisory
https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/

Third Party Advisory

Jump to

Vulnerability Details : CVE-2022-27535

Products affected by CVE-2022-27535

Exploit prediction scoring system (EPSS) score for CVE-2022-27535

CVSS scores for CVE-2022-27535

References for CVE-2022-27535