CVE-2019-8286 - OpenCVE

Information Disclosure in Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security versions up to 2019 could potentially disclose unique Product ID by forcing victim to visit a specially crafted webpage (for example, via clicking phishing link). Vulnerability has CVSS v3.0 base score 2.6

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Kaspersky	Anti-virus Free Anti-virus Internet Security Small Office Security Total Security

Configuration 1 [-]

OR	cpe:2.3:a:kaspersky:anti-virus::::::::
	cpe:2.3:a:kaspersky:free_anti-virus::::::::
	cpe:2.3:a:kaspersky:internet_security::::::::
	cpe:2.3:a:kaspersky:small_office_security::::::::
	cpe:2.3:a:kaspersky:total_security::::::::

No data.

References

Link	Providers
http://www.securityfocus.com/bid/109300
https://support.kaspersky.com/general/vulnerability.aspx?el=12430#110719

History

No history.

MITRE

Status: PUBLISHED

Assigner: Kaspersky

Published: 2019-07-18T18:34:15

Updated: 2024-08-04T21:17:30.549Z

Reserved: 2019-02-12T00:00:00

Link: CVE-2019-8286

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-07-18T19:15:11.677

Modified: 2019-07-26T14:42:36.627

Link: CVE-2019-8286

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security", "vendor": "Kaspersky", "versions": [{"status": "affected", "version": "up to 2019"}]}], "datePublic": "2019-07-11T00:00:00", "descriptions": [{"lang": "en", "value": "Information Disclosure in Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security versions up to 2019 could potentially disclose unique Product ID by forcing victim to visit a specially crafted webpage (for example, via clicking phishing link). Vulnerability has CVSS v3.0 base score 2.6"}], "problemTypes": [{"descriptions": [{"description": "Information Disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-07-22T06:06:03", "orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988", "shortName": "Kaspersky"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#110719"}, {"name": "109300", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/109300"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vulnerability@kaspersky.com", "ID": "CVE-2019-8286", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security", "version": {"version_data": [{"version_value": "up to 2019"}]}}]}, "vendor_name": "Kaspersky"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Information Disclosure in Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security versions up to 2019 could potentially disclose unique Product ID by forcing victim to visit a specially crafted webpage (for example, via clicking phishing link). Vulnerability has CVSS v3.0 base score 2.6"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information Disclosure"}]}]}, "references": {"reference_data": [{"name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#110719", "refsource": "CONFIRM", "url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#110719"}, {"name": "109300", "refsource": "BID", "url": "http://www.securityfocus.com/bid/109300"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T21:17:30.549Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#110719"}, {"name": "109300", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/109300"}]}]}, "cveMetadata": {"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988", "assignerShortName": "Kaspersky", "cveId": "CVE-2019-8286", "datePublished": "2019-07-18T18:34:15", "dateReserved": "2019-02-12T00:00:00", "dateUpdated": "2024-08-04T21:17:30.549Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kaspersky:anti-virus:*:*:*:*:*:*:*:*", "matchCriteriaId": "809717AB-2B60-4242-90CB-AADA2DD4910A", "versionEndIncluding": "2019", "vulnerable": true}, {"criteria": "cpe:2.3:a:kaspersky:free_anti-virus:*:*:*:*:*:*:*:*", "matchCriteriaId": "2122730F-0290-4649-A74B-88557E4BB960", "versionEndIncluding": "2019", "vulnerable": true}, {"criteria": "cpe:2.3:a:kaspersky:internet_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "AACC2371-3664-457F-9877-73B25D6300FA", "versionEndIncluding": "2019", "vulnerable": true}, {"criteria": "cpe:2.3:a:kaspersky:small_office_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "466D54D7-44EE-4085-9314-F369B58575F0", "versionEndIncluding": "6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:kaspersky:total_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "F25C6C41-32B9-4263-8003-FAFAA542926B", "versionEndIncluding": "2019", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Information Disclosure in Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security versions up to 2019 could potentially disclose unique Product ID by forcing victim to visit a specially crafted webpage (for example, via clicking phishing link). Vulnerability has CVSS v3.0 base score 2.6"}, {"lang": "es", "value": "La divulgaci\u00f3n de informaci\u00f3n en Kaspersky Anti-Virus, Kaspersky Internet Security, las versiones de Kaspersky Total Security hasta 2019 podr\u00edan revelar una identificaci\u00f3n de producto \u00fanica al obligar a la v\u00edctima a visitar una p\u00e1gina web especialmente dise\u00f1ada (por ejemplo, haciendo clic en el enlace de phishing). La vulnerabilidad tiene CVSS v3.0 puntuaci\u00f3n base 2.6"}], "id": "CVE-2019-8286", "lastModified": "2019-07-26T14:42:36.627", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-07-18T19:15:11.677", "references": [{"source": "vulnerability@kaspersky.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/109300"}, {"source": "vulnerability@kaspersky.com", "tags": ["Vendor Advisory"], "url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#110719"}], "sourceIdentifier": "vulnerability@kaspersky.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}