Kaspersky » Anti-virus For Linux Server : Security Vulnerabilities, CVEs, Published In 2017
In Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312), the scriptName parameter of the licenseKeyInfo action method is vulnerable to cross-site scripting (XSS).
Max CVSS
6.1
EPSS Score
0.88%
Published
2017-07-17
Updated
2017-08-12
The reportId parameter of the getReportStatus action method can be abused in the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312) to read arbitrary files with kluser privileges.
Max CVSS
7.5
EPSS Score
12.60%
Published
2017-07-17
Updated
2017-08-12
The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). By abusing the quarantine read and write operations, it is possible to elevate the privileges to root.
Max CVSS
10.0
EPSS Score
1.57%
Published
2017-07-17
Updated
2017-08-12
There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). This would allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain.
Max CVSS
8.8
EPSS Score
3.13%
Published
2017-07-17
Updated
2019-10-03
4 vulnerabilities found