Search criteria
4 vulnerabilities found for vpn_secure_connection by kaspersky
CVE-2022-27535 (GCVE-0-2022-27535)
Vulnerability from nvd – Published: 2022-08-05 16:47 – Updated: 2024-08-03 05:32
VLAI?
Summary
Kaspersky VPN Secure Connection for Windows version up to 21.5 was vulnerable to arbitrary file deletion via abuse of its 'Delete All Service Data And Reports' feature by the local authenticated attacker.
Severity ?
No CVSS data available.
CWE
- Local Privilege Escalation (LPE)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Kaspersky VPN Secure Connection for Windows |
Affected:
prior to 21.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.299Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.kaspersky.com/topic/kaspersky-statement-on-cve-2022-27535-26742/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kaspersky VPN Secure Connection for Windows",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "prior to 21.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kaspersky VPN Secure Connection for Windows version up to 21.5 was vulnerable to arbitrary file deletion via abuse of its \u0027Delete All Service Data And Reports\u0027 feature by the local authenticated attacker."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Local Privilege Escalation (LPE)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-09T19:55:41",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.kaspersky.com/topic/kaspersky-statement-on-cve-2022-27535-26742/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2022-27535",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kaspersky VPN Secure Connection for Windows",
"version": {
"version_data": [
{
"version_value": "prior to 21.6"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kaspersky VPN Secure Connection for Windows version up to 21.5 was vulnerable to arbitrary file deletion via abuse of its \u0027Delete All Service Data And Reports\u0027 feature by the local authenticated attacker."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Local Privilege Escalation (LPE)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822",
"refsource": "MISC",
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822"
},
{
"name": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/",
"refsource": "MISC",
"url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/"
},
{
"name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822",
"refsource": "MISC",
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822"
},
{
"name": "https://forum.kaspersky.com/topic/kaspersky-statement-on-cve-2022-27535-26742/",
"refsource": "MISC",
"url": "https://forum.kaspersky.com/topic/kaspersky-statement-on-cve-2022-27535-26742/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2022-27535",
"datePublished": "2022-08-05T16:47:46",
"dateReserved": "2022-03-21T00:00:00",
"dateUpdated": "2024-08-03T05:32:59.299Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25043 (GCVE-0-2020-25043)
Vulnerability from nvd – Published: 2020-09-02 19:28 – Updated: 2024-08-04 15:26
VLAI?
Summary
The installer of Kaspersky VPN Secure Connection prior to 5.0 was vulnerable to arbitrary file deletion that could allow an attacker to delete any file in the system.
Severity ?
No CVSS data available.
CWE
- Denial of Service (DoS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Kaspersky VPN Secure Connection |
Affected:
prior to 5.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:26:09.421Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#290720"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kaspersky VPN Secure Connection",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "prior to 5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The installer of Kaspersky VPN Secure Connection prior to 5.0 was vulnerable to arbitrary file deletion that could allow an attacker to delete any file in the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-02T19:28:24",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#290720"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2020-25043",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kaspersky VPN Secure Connection",
"version": {
"version_data": [
{
"version_value": "prior to 5.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The installer of Kaspersky VPN Secure Connection prior to 5.0 was vulnerable to arbitrary file deletion that could allow an attacker to delete any file in the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#290720",
"refsource": "MISC",
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#290720"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2020-25043",
"datePublished": "2020-09-02T19:28:24",
"dateReserved": "2020-08-31T00:00:00",
"dateUpdated": "2024-08-04T15:26:09.421Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27535 (GCVE-0-2022-27535)
Vulnerability from cvelistv5 – Published: 2022-08-05 16:47 – Updated: 2024-08-03 05:32
VLAI?
Summary
Kaspersky VPN Secure Connection for Windows version up to 21.5 was vulnerable to arbitrary file deletion via abuse of its 'Delete All Service Data And Reports' feature by the local authenticated attacker.
Severity ?
No CVSS data available.
CWE
- Local Privilege Escalation (LPE)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Kaspersky VPN Secure Connection for Windows |
Affected:
prior to 21.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.299Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.kaspersky.com/topic/kaspersky-statement-on-cve-2022-27535-26742/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kaspersky VPN Secure Connection for Windows",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "prior to 21.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kaspersky VPN Secure Connection for Windows version up to 21.5 was vulnerable to arbitrary file deletion via abuse of its \u0027Delete All Service Data And Reports\u0027 feature by the local authenticated attacker."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Local Privilege Escalation (LPE)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-09T19:55:41",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.kaspersky.com/topic/kaspersky-statement-on-cve-2022-27535-26742/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2022-27535",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kaspersky VPN Secure Connection for Windows",
"version": {
"version_data": [
{
"version_value": "prior to 21.6"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kaspersky VPN Secure Connection for Windows version up to 21.5 was vulnerable to arbitrary file deletion via abuse of its \u0027Delete All Service Data And Reports\u0027 feature by the local authenticated attacker."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Local Privilege Escalation (LPE)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822",
"refsource": "MISC",
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822"
},
{
"name": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/",
"refsource": "MISC",
"url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/"
},
{
"name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822",
"refsource": "MISC",
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822"
},
{
"name": "https://forum.kaspersky.com/topic/kaspersky-statement-on-cve-2022-27535-26742/",
"refsource": "MISC",
"url": "https://forum.kaspersky.com/topic/kaspersky-statement-on-cve-2022-27535-26742/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2022-27535",
"datePublished": "2022-08-05T16:47:46",
"dateReserved": "2022-03-21T00:00:00",
"dateUpdated": "2024-08-03T05:32:59.299Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25043 (GCVE-0-2020-25043)
Vulnerability from cvelistv5 – Published: 2020-09-02 19:28 – Updated: 2024-08-04 15:26
VLAI?
Summary
The installer of Kaspersky VPN Secure Connection prior to 5.0 was vulnerable to arbitrary file deletion that could allow an attacker to delete any file in the system.
Severity ?
No CVSS data available.
CWE
- Denial of Service (DoS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Kaspersky VPN Secure Connection |
Affected:
prior to 5.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:26:09.421Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#290720"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kaspersky VPN Secure Connection",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "prior to 5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The installer of Kaspersky VPN Secure Connection prior to 5.0 was vulnerable to arbitrary file deletion that could allow an attacker to delete any file in the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-02T19:28:24",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#290720"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2020-25043",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kaspersky VPN Secure Connection",
"version": {
"version_data": [
{
"version_value": "prior to 5.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The installer of Kaspersky VPN Secure Connection prior to 5.0 was vulnerable to arbitrary file deletion that could allow an attacker to delete any file in the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#290720",
"refsource": "MISC",
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#290720"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2020-25043",
"datePublished": "2020-09-02T19:28:24",
"dateReserved": "2020-08-31T00:00:00",
"dateUpdated": "2024-08-04T15:26:09.421Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}