Vulnerabilities > CVE-2019-15689 - Exposure of Resource to Wrong Sphere vulnerability in Kaspersky products

CVSS 6.7 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

kaspersky

CWE-668

NVD

Published: 2019-12-02

Updated: 2019-12-18

Summary

Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud prior to version 2020 patch E have bug that allows a local user to execute arbitrary code via execution compromised file placed by an attacker with administrator rights. No privilege escalation. Possible whitelisting bypass some of the security products

Vulnerable Configurations

Part	Description	Count
Application	Kaspersky Kaspersky Total Security 2020 Kaspersky Total Security 2019 Kaspersky Secure Connection 3.0 Kaspersky Secure Connection 4.0 Kaspersky Security Cloud 2020 Kaspersky Security Cloud 2019 Kaspersky Kaspersky Internet Security 2019	15

Common Weakness Enumeration (CWE)

CWE-668 - Exposure of Resource to Wrong Sphere

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References