Vulnerabilities > CVE-2022-27534 - Unspecified vulnerability in Kaspersky products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

kaspersky

NVD

Published: 2022-04-01

Updated: 2022-04-08

Summary

Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security with antivirus databases released before 12 March 2022 had a bug in a data parsing module that potentially allowed an attacker to execute arbitrary code. The fix was delivered automatically. Credits: Georgy Zaytsev (Positive Technologies).

Vulnerable Configurations

Part	Description	Count
Application	Kaspersky Kaspersky Anti Virus * Kaspersky Endpoint Security 10 Kaspersky Endpoint Security 11.0.0 Kaspersky Endpoint Security 11.0.1 Kaspersky Endpoint Security 11.1.0 Kaspersky Endpoint Security 11.6.0 Kaspersky Internet Security - Kaspersky Internet Security 11.12.4.1622 Kaspersky Security Cloud * Kaspersky Small Office Security - Kaspersky Small Office Security 4.0 Kaspersky Small Office Security 5.0 Kaspersky Small Office Security 6.0 Kaspersky Total Security *	15

References

https://support.kaspersky.com/general/vulnerability.aspx?el=12430#310322_2