{"containers": {"cna": {"affected": [{"product": "Kaspersky VPN Secure Connection for Windows", "vendor": "n/a", "versions": [{"status": "affected", "version": "prior to 21.6"}]}], "descriptions": [{"lang": "en", "value": "Kaspersky VPN Secure Connection for Windows version up to 21.5 was vulnerable to arbitrary file deletion via abuse of its 'Delete All Service Data And Reports' feature by the local authenticated attacker."}], "problemTypes": [{"descriptions": [{"description": "Local Privilege Escalation (LPE)", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-08-09T19:55:41", "orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988", "shortName": "Kaspersky"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822"}, {"tags": ["x_refsource_MISC"], "url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/"}, {"tags": ["x_refsource_MISC"], "url": "https://forum.kaspersky.com/topic/kaspersky-statement-on-cve-2022-27535-26742/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vulnerability@kaspersky.com", "ID": "CVE-2022-27535", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Kaspersky VPN Secure Connection for Windows", "version": {"version_data": [{"version_value": "prior to 21.6"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Kaspersky VPN Secure Connection for Windows version up to 21.5 was vulnerable to arbitrary file deletion via abuse of its 'Delete All Service Data And Reports' feature by the local authenticated attacker."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Local Privilege Escalation (LPE)"}]}]}, "references": {"reference_data": [{"name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822", "refsource": "MISC", "url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822"}, {"name": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/", "refsource": "MISC", "url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/"}, {"name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822", "refsource": "MISC", "url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822"}, {"name": "https://forum.kaspersky.com/topic/kaspersky-statement-on-cve-2022-27535-26742/", "refsource": "MISC", "url": "https://forum.kaspersky.com/topic/kaspersky-statement-on-cve-2022-27535-26742/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T05:32:59.299Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://forum.kaspersky.com/topic/kaspersky-statement-on-cve-2022-27535-26742/"}]}]}, "cveMetadata": {"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988", "assignerShortName": "Kaspersky", "cveId": "CVE-2022-27535", "datePublished": "2022-08-05T16:47:46", "dateReserved": "2022-03-21T00:00:00", "dateUpdated": "2024-08-03T05:32:59.299Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kaspersky:vpn_secure_connection:*:*:*:*:*:*:*:*", "matchCriteriaId": "CDFF1742-6E6F-405D-8623-7636F154156B", "versionEndExcluding": "21.6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Kaspersky VPN Secure Connection for Windows version up to 21.5 was vulnerable to arbitrary file deletion via abuse of its 'Delete All Service Data And Reports' feature by the local authenticated attacker."}, {"lang": "es", "value": "La versi\u00f3n de Kaspersky VPN Secure Connection para Windows hasta la 21.5 era vulnerable a la eliminaci\u00f3n arbitraria de archivos a trav\u00e9s del abuso de su funci\u00f3n \"Eliminar todos los datos e informes de servicio\" por parte de un atacante local autenticado"}], "id": "CVE-2022-27535", "lastModified": "2024-11-21T06:55:53.923", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-05T17:15:08.403", "references": [{"source": "vulnerability@kaspersky.com", "tags": ["Vendor Advisory"], "url": "https://forum.kaspersky.com/topic/kaspersky-statement-on-cve-2022-27535-26742/"}, {"source": "vulnerability@kaspersky.com", "tags": ["Vendor Advisory"], "url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822"}, {"source": "vulnerability@kaspersky.com", "tags": ["Third Party Advisory"], "url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://forum.kaspersky.com/topic/kaspersky-statement-on-cve-2022-27535-26742/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/"}], "sourceIdentifier": "vulnerability@kaspersky.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}