mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
290 lines
14 KiB
JSON
290 lines
14 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2024-13614",
|
|
"ASSIGNER": "vulnerability@kaspersky.com",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Kaspersky has fixed a security issue in Kaspersky Anti-Virus SDK for Windows, Kaspersky Security for Virtualization Light Agent, Kaspersky Endpoint Security for Windows, Kaspersky Small Office Security, Kaspersky for Windows (Standard, Plus, Premium), Kaspersky Free, Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Security Cloud, Kaspersky Safe Kids, Kaspersky Anti-Ransomware Tool that could allow an authenticated attacker to write data to a limited area outside the allocated kernel memory buffer. The fix was installed automatically for all Kaspersky Endpoint products."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-190: Integer Overflow or Wraparound",
|
|
"cweId": "CWE-190"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "Kaspersky",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Kaspersky Anti-Virus SDK for Windows",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "<=",
|
|
"version_name": "8.10.1.1943",
|
|
"version_value": "8.10.1.1943"
|
|
},
|
|
{
|
|
"version_affected": "<=",
|
|
"version_name": "8.10.1.1943 CF",
|
|
"version_value": "8.10.1.1943 CF"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "Kaspersky Security for Virtualization Light Agent",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "not down converted",
|
|
"x_cve_json_5_version_data": {
|
|
"versions": [
|
|
{
|
|
"version": "5.2",
|
|
"status": "affected",
|
|
"lessThan": "5.2.27.319",
|
|
"versionType": "custom"
|
|
},
|
|
{
|
|
"version": "5.2.27.319",
|
|
"status": "unknown",
|
|
"lessThanOrEqual": "5.2.27.319",
|
|
"versionType": "custom"
|
|
}
|
|
],
|
|
"defaultStatus": "unaffected"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "Kaspersky Endpoint Security for Windows",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "not down converted",
|
|
"x_cve_json_5_version_data": {
|
|
"defaultStatus": "affected"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "Kaspersky Small Office Security",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "not down converted",
|
|
"x_cve_json_5_version_data": {
|
|
"defaultStatus": "affected"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "Kaspersky for Windows (Standard, Plus, Premium)",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "not down converted",
|
|
"x_cve_json_5_version_data": {
|
|
"defaultStatus": "affected"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "Kaspersky Free",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "not down converted",
|
|
"x_cve_json_5_version_data": {
|
|
"defaultStatus": "affected"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "Kaspersky Anti-Virus",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "not down converted",
|
|
"x_cve_json_5_version_data": {
|
|
"defaultStatus": "affected"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "Kaspersky Internet Security",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "not down converted",
|
|
"x_cve_json_5_version_data": {
|
|
"defaultStatus": "affected"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "Kaspersky Security Cloud",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "not down converted",
|
|
"x_cve_json_5_version_data": {
|
|
"defaultStatus": "affected"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "Kaspersky Safe Kids",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "not down converted",
|
|
"x_cve_json_5_version_data": {
|
|
"defaultStatus": "affected"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "Kaspersky Anti-Ransomware Tool",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "not down converted",
|
|
"x_cve_json_5_version_data": {
|
|
"defaultStatus": "affected"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://support.kaspersky.com/vulnerability/list-of-advisories/12430#060225",
|
|
"refsource": "MISC",
|
|
"name": "https://support.kaspersky.com/vulnerability/list-of-advisories/12430#060225"
|
|
}
|
|
]
|
|
},
|
|
"exploit": [
|
|
{
|
|
"lang": "en",
|
|
"value": "There have been no recorded attempts to exploit this issue in the wild."
|
|
}
|
|
],
|
|
"solution": [
|
|
{
|
|
"lang": "en",
|
|
"value": "To fix the vulnerability, upgrade the KAV SDK for Windows to the following version: Kaspersky Anti-Virus Software Development Kit 8 Level 3 v. 8.10.2.2098. Contact your Technical Account Manager to obtain the necessary instructions."
|
|
},
|
|
{
|
|
"lang": "en",
|
|
"value": "Install Kaspersky Security for Virtualization Light Agent 5.2.27.319 (with Kaspersky Security Components Installation Wizard 5.2.1.4005) or newer using the following url: https://www.kaspersky.com/small-to-medium-business-security/downloads/virtualization-hybrid-cloud"
|
|
},
|
|
{
|
|
"lang": "en",
|
|
"value": "The fix was installed automatically for Kaspersky Endpoint Security for Windows. To check for the fix, check the antivirus database update date, it should be November 6, 2024 or newer."
|
|
},
|
|
{
|
|
"lang": "en",
|
|
"value": "The fix was installed automatically for Kaspersky Small Office Security. To check for the fix, check the antivirus database update date, it should be November 6, 2024 or newer."
|
|
},
|
|
{
|
|
"lang": "en",
|
|
"value": "The fix was installed automatically for Kaspersky for Windows (Standard, Plus, Premium). To check for the fix, check the antivirus database update date, it should be November 6, 2024 or newer."
|
|
},
|
|
{
|
|
"lang": "en",
|
|
"value": "The fix was installed automatically for Kaspersky Free. To check for the fix, check the antivirus database update date, it should be November 6, 2024 or newer."
|
|
},
|
|
{
|
|
"lang": "en",
|
|
"value": "The fix was installed automatically for Kaspersky Anti-Virus. To check for the fix, check the antivirus database update date, it should be November 6, 2024 or newer."
|
|
},
|
|
{
|
|
"lang": "en",
|
|
"value": "The fix was installed automatically for Kaspersky Internet Security. To check for the fix, check the antivirus database update date, it should be November 6, 2024 or newer."
|
|
},
|
|
{
|
|
"lang": "en",
|
|
"value": "The fix was installed automatically for Kaspersky Security Cloud. To check for the fix, check the antivirus database update date, it should be November 6, 2024 or newer."
|
|
},
|
|
{
|
|
"lang": "en",
|
|
"value": "The fix was installed automatically for Kaspersky Safe Kids. To check for the fix, check the antivirus database update date, it should be November 6, 2024 or newer."
|
|
},
|
|
{
|
|
"lang": "en",
|
|
"value": "The fix was installed automatically for Kaspersky Anti-Ransomware Tool. To check for the fix, check the antivirus database update date, it should be November 6, 2024 or newer."
|
|
}
|
|
],
|
|
"credits": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Florian Schweins"
|
|
}
|
|
],
|
|
"impact": {
|
|
"cvss": [
|
|
{
|
|
"version": "3.1",
|
|
"attackVector": "LOCAL",
|
|
"attackComplexity": "HIGH",
|
|
"privilegesRequired": "LOW",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "LOW",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 5.3,
|
|
"baseSeverity": "MEDIUM",
|
|
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H"
|
|
}
|
|
]
|
|
}
|
|
} |