CVE-2021-27223 - OpenCVE

A denial-of-service issue existed in one of modules that was incorporated in Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security. A local user could cause Windows crash by running a specially crafted binary module. The fix was delivered automatically. Credits: (Straghkov Denis, Kurmangaleev Shamil, Fedotov Andrey, Kuts Daniil, Mishechkin Maxim, Akolzin Vitaliy) @ ISPRAS

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:L/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Kaspersky	Anti-virus Endpoint Security Internet Security Security Cloud Small Office Security Total Security

Configuration 1 [-]

OR	cpe:2.3:a:kaspersky:anti-virus::::::::
	cpe:2.3:a:kaspersky:endpoint_security::::::::
	cpe:2.3:a:kaspersky:internet_security::::::::
	cpe:2.3:a:kaspersky:security_cloud::::::::
	cpe:2.3:a:kaspersky:small_office_security::::::::
	cpe:2.3:a:kaspersky:total_security::::::::

No data.

References

Link	Providers
https://support.kaspersky.com/general/vulnerability.aspx?el=12430#310322_1

History

No history.

MITRE

Status: PUBLISHED

Assigner: Kaspersky

Published: 2022-04-01T22:17:48

Updated: 2024-08-03T20:40:47.509Z

Reserved: 2021-02-15T00:00:00

Link: CVE-2021-27223

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-04-01T23:15:09.163

Modified: 2022-04-11T14:30:58.333

Link: CVE-2021-27223

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security", "vendor": "n/a", "versions": [{"status": "affected", "version": "with antivirus databases released before June 2021"}]}], "descriptions": [{"lang": "en", "value": "A denial-of-service issue existed in one of modules that was incorporated in Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security. A local user could cause Windows crash by running a specially crafted binary module. The fix was delivered automatically. Credits: (Straghkov Denis, Kurmangaleev Shamil, Fedotov Andrey, Kuts Daniil, Mishechkin Maxim, Akolzin Vitaliy) @ ISPRAS"}], "problemTypes": [{"descriptions": [{"description": "Denial-of-Service (DoS)", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-04-01T22:17:48", "orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988", "shortName": "Kaspersky"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#310322_1"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vulnerability@kaspersky.com", "ID": "CVE-2021-27223", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security", "version": {"version_data": [{"version_value": "with antivirus databases released before June 2021"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A denial-of-service issue existed in one of modules that was incorporated in Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security. A local user could cause Windows crash by running a specially crafted binary module. The fix was delivered automatically. Credits: (Straghkov Denis, Kurmangaleev Shamil, Fedotov Andrey, Kuts Daniil, Mishechkin Maxim, Akolzin Vitaliy) @ ISPRAS"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Denial-of-Service (DoS)"}]}]}, "references": {"reference_data": [{"name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#310322_1", "refsource": "MISC", "url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#310322_1"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T20:40:47.509Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#310322_1"}]}]}, "cveMetadata": {"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988", "assignerShortName": "Kaspersky", "cveId": "CVE-2021-27223", "datePublished": "2022-04-01T22:17:48", "dateReserved": "2021-02-15T00:00:00", "dateUpdated": "2024-08-03T20:40:47.509Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kaspersky:anti-virus:*:*:*:*:*:*:*:*", "matchCriteriaId": "E82B17A3-41AD-4249-9BA8-12876758C110", "versionEndExcluding": "2021-06", "vulnerable": true}, {"criteria": "cpe:2.3:a:kaspersky:endpoint_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F70BBDF-9AC9-4C15-97CC-F3E76F6B8677", "versionEndExcluding": "2021-06", "vulnerable": true}, {"criteria": "cpe:2.3:a:kaspersky:internet_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "9F359BF0-0E71-4BCA-B2AD-E6AC1448733F", "versionEndExcluding": "2021-06", "vulnerable": true}, {"criteria": "cpe:2.3:a:kaspersky:security_cloud:*:*:*:*:*:*:*:*", "matchCriteriaId": "1C16D752-1F39-41D2-A6C8-C910E1374C9D", "versionEndExcluding": "2021-06", "vulnerable": true}, {"criteria": "cpe:2.3:a:kaspersky:small_office_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "4D69EA2F-06FE-401F-A77E-74FFAD37D4F8", "versionEndExcluding": "2021-06", "vulnerable": true}, {"criteria": "cpe:2.3:a:kaspersky:total_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "E2C34230-04C2-474B-96F0-003783420C61", "versionEndExcluding": "2021-06", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A denial-of-service issue existed in one of modules that was incorporated in Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security. A local user could cause Windows crash by running a specially crafted binary module. The fix was delivered automatically. Credits: (Straghkov Denis, Kurmangaleev Shamil, Fedotov Andrey, Kuts Daniil, Mishechkin Maxim, Akolzin Vitaliy) @ ISPRAS"}, {"lang": "es", "value": "Se presentaba un problema de denegaci\u00f3n de servicio en uno de los m\u00f3dulos incorporados en los productos Kaspersky Anti-Virus for home y Kaspersky Endpoint Security. Un usuario local pod\u00eda causar el bloqueo de Windows al ejecutar un m\u00f3dulo binario especialmente dise\u00f1ado. La correcci\u00f3n fue realizada de forma autom\u00e1tica. Cr\u00e9ditos: (Straghkov Denis, Kurmangaleev Shamil, Fedotov Andrey, Kuts Daniil, Mishechkin Maxim, Akolzin Vitaliy) @ ISPRAS"}], "id": "CVE-2021-27223", "lastModified": "2022-04-11T14:30:58.333", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-04-01T23:15:09.163", "references": [{"source": "vulnerability@kaspersky.com", "tags": ["Broken Link"], "url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#310322_1"}], "sourceIdentifier": "vulnerability@kaspersky.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}