CVE-2022-27535

EUVD-2022-32036
Kaspersky VPN Secure Connection for Windows version up to 21.5 was vulnerable to arbitrary file deletion via abuse of its 'Delete All Service Data And Reports' feature by the local authenticated attacker.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 41%
Affected Products (NVD)
VendorProductVersion
kasperskyvpn_secure_connection
𝑥
< 21.6
𝑥
= Vulnerable software versions
References
https://forum.kaspersky.com/topic/kaspersky-statement-on-cve-2022-27535-26742/
https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822
https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/
https://forum.kaspersky.com/topic/kaspersky-statement-on-cve-2022-27535-26742/
https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822
https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/