Vulnerabilities > CVE-2022-27534 - Unspecified vulnerability in Kaspersky products

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

kaspersky

critical

NVD

Published: 2022-04-01

Updated: 2024-11-21

Summary

Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security with antivirus databases released before 12 March 2022 had a bug in a data parsing module that potentially allowed an attacker to execute arbitrary code. The fix was delivered automatically. Credits: Georgy Zaytsev (Positive Technologies).

Vulnerable Configurations

Part	Description	Count
Application	Kaspersky Kaspersky Internet Security - Kaspersky Internet Security 11.12.4.1622 Kaspersky Security Cloud - Kaspersky Anti Virus - Kaspersky Total Security - Kaspersky Small Office Security - Kaspersky Small Office Security 4.0 Kaspersky Small Office Security 5.0 Kaspersky Small Office Security 6.0 Kaspersky Endpoint Security - Kaspersky Endpoint Security 10 Kaspersky Endpoint Security 11.0.0 Kaspersky Endpoint Security 11.0.1 Kaspersky Endpoint Security 11.1.0 Kaspersky Endpoint Security 11.6.0	16

Summary

Vulnerable Configurations

References