CVE-2019-15689 — Resource Exposure in Internet Security

CWE-668 — Resource Exposure3 documents3 sources

Severity

6.7MEDIUMNVD

EPSS

0.1%

top 82.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Kaspersky Internet Security Kaspersky Secure Connection Kaspersky Security Cloud +1 more

Timeline

PublishedDec 2

Latest updateMay 24

Description

Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud prior to version 2020 patch E have bug that allows a local user to execute arbitrary code via execution compromised file placed by an attacker with administrator rights. No privilege escalation. Possible whitelisting bypass some of the security products

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages4 packages

▶NVDkaspersky/security_cloud2019, 2020+1

▶NVDkaspersky/total_security2019, 2020+1

▶NVDkaspersky/kaspersky_internet_security2019

▶NVDkaspersky/secure_connection3.0, 4.0+1

🔴Vulnerability Details

GHSA

GHSA-6gm8-22cp-c564: Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud prior to version 2020 patch E have bug th↗2022-05-24

▶

CVEList

CVE-2019-15689: Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud prior to version 2020 patch E have bug th↗2019-12-02

▶