mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-06-07 13:36:56 +00:00
106 lines
3.1 KiB
JSON
106 lines
3.1 KiB
JSON
{
|
|
"id": "CVE-2022-27535",
|
|
"sourceIdentifier": "vulnerability@kaspersky.com",
|
|
"published": "2022-08-05T17:15:08.403",
|
|
"lastModified": "2022-08-15T23:05:57.977",
|
|
"vulnStatus": "Analyzed",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Kaspersky VPN Secure Connection for Windows version up to 21.5 was vulnerable to arbitrary file deletion via abuse of its 'Delete All Service Data And Reports' feature by the local authenticated attacker."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "La versi\u00f3n de Kaspersky VPN Secure Connection para Windows hasta la 21.5 era vulnerable a la eliminaci\u00f3n arbitraria de archivos a trav\u00e9s del abuso de su funci\u00f3n \"Eliminar todos los datos e informes de servicio\" por parte de un atacante local autenticado"
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
|
"attackVector": "LOCAL",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "LOW",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 7.8,
|
|
"baseSeverity": "HIGH"
|
|
},
|
|
"exploitabilityScore": 1.8,
|
|
"impactScore": 5.9
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "NVD-CWE-noinfo"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:kaspersky:vpn_secure_connection:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "21.6",
|
|
"matchCriteriaId": "CDFF1742-6E6F-405D-8623-7636F154156B"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://forum.kaspersky.com/topic/kaspersky-statement-on-cve-2022-27535-26742/",
|
|
"source": "vulnerability@kaspersky.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822",
|
|
"source": "vulnerability@kaspersky.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/",
|
|
"source": "vulnerability@kaspersky.com",
|
|
"tags": [
|
|
"Third Party Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |