Search criteria
6 vulnerabilities found for vpn_secure_connection by kaspersky
FKIE_CVE-2022-27535
Vulnerability from fkie_nvd - Published: 2022-08-05 17:15 - Updated: 2024-11-21 06:55
Severity ?
Summary
Kaspersky VPN Secure Connection for Windows version up to 21.5 was vulnerable to arbitrary file deletion via abuse of its 'Delete All Service Data And Reports' feature by the local authenticated attacker.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kaspersky | vpn_secure_connection | * | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kaspersky:vpn_secure_connection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CDFF1742-6E6F-405D-8623-7636F154156B",
"versionEndExcluding": "21.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kaspersky VPN Secure Connection for Windows version up to 21.5 was vulnerable to arbitrary file deletion via abuse of its \u0027Delete All Service Data And Reports\u0027 feature by the local authenticated attacker."
},
{
"lang": "es",
"value": "La versi\u00f3n de Kaspersky VPN Secure Connection para Windows hasta la 21.5 era vulnerable a la eliminaci\u00f3n arbitraria de archivos a trav\u00e9s del abuso de su funci\u00f3n \"Eliminar todos los datos e informes de servicio\" por parte de un atacante local autenticado"
}
],
"id": "CVE-2022-27535",
"lastModified": "2024-11-21T06:55:53.923",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-05T17:15:08.403",
"references": [
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Vendor Advisory"
],
"url": "https://forum.kaspersky.com/topic/kaspersky-statement-on-cve-2022-27535-26742/"
},
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822"
},
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://forum.kaspersky.com/topic/kaspersky-statement-on-cve-2022-27535-26742/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/"
}
],
"sourceIdentifier": "vulnerability@kaspersky.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-25043
Vulnerability from fkie_nvd - Published: 2020-09-02 20:15 - Updated: 2024-11-21 05:16
Severity ?
Summary
The installer of Kaspersky VPN Secure Connection prior to 5.0 was vulnerable to arbitrary file deletion that could allow an attacker to delete any file in the system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kaspersky | vpn_secure_connection | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kaspersky:vpn_secure_connection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "24DBB8C0-F33E-402A-9153-1D187FC7CD31",
"versionEndExcluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The installer of Kaspersky VPN Secure Connection prior to 5.0 was vulnerable to arbitrary file deletion that could allow an attacker to delete any file in the system."
},
{
"lang": "es",
"value": "El instalador de Kaspersky VPN Secure Connection versiones anteriores a 5.0, era vulnerable a una eliminaci\u00f3n arbitraria de archivos que podr\u00eda permitir a un atacante eliminar cualquier archivo del sistema"
}
],
"id": "CVE-2020-25043",
"lastModified": "2024-11-21T05:16:57.570",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-02T20:15:10.703",
"references": [
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Broken Link"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#290720"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#290720"
}
],
"sourceIdentifier": "vulnerability@kaspersky.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2022-27535 (GCVE-0-2022-27535)
Vulnerability from cvelistv5 – Published: 2022-08-05 16:47 – Updated: 2024-08-03 05:32
VLAI?
Summary
Kaspersky VPN Secure Connection for Windows version up to 21.5 was vulnerable to arbitrary file deletion via abuse of its 'Delete All Service Data And Reports' feature by the local authenticated attacker.
Severity ?
No CVSS data available.
CWE
- Local Privilege Escalation (LPE)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Kaspersky VPN Secure Connection for Windows |
Affected:
prior to 21.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.299Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.kaspersky.com/topic/kaspersky-statement-on-cve-2022-27535-26742/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kaspersky VPN Secure Connection for Windows",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "prior to 21.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kaspersky VPN Secure Connection for Windows version up to 21.5 was vulnerable to arbitrary file deletion via abuse of its \u0027Delete All Service Data And Reports\u0027 feature by the local authenticated attacker."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Local Privilege Escalation (LPE)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-09T19:55:41",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.kaspersky.com/topic/kaspersky-statement-on-cve-2022-27535-26742/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2022-27535",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kaspersky VPN Secure Connection for Windows",
"version": {
"version_data": [
{
"version_value": "prior to 21.6"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kaspersky VPN Secure Connection for Windows version up to 21.5 was vulnerable to arbitrary file deletion via abuse of its \u0027Delete All Service Data And Reports\u0027 feature by the local authenticated attacker."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Local Privilege Escalation (LPE)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822",
"refsource": "MISC",
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822"
},
{
"name": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/",
"refsource": "MISC",
"url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/"
},
{
"name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822",
"refsource": "MISC",
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822"
},
{
"name": "https://forum.kaspersky.com/topic/kaspersky-statement-on-cve-2022-27535-26742/",
"refsource": "MISC",
"url": "https://forum.kaspersky.com/topic/kaspersky-statement-on-cve-2022-27535-26742/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2022-27535",
"datePublished": "2022-08-05T16:47:46",
"dateReserved": "2022-03-21T00:00:00",
"dateUpdated": "2024-08-03T05:32:59.299Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25043 (GCVE-0-2020-25043)
Vulnerability from cvelistv5 – Published: 2020-09-02 19:28 – Updated: 2024-08-04 15:26
VLAI?
Summary
The installer of Kaspersky VPN Secure Connection prior to 5.0 was vulnerable to arbitrary file deletion that could allow an attacker to delete any file in the system.
Severity ?
No CVSS data available.
CWE
- Denial of Service (DoS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Kaspersky VPN Secure Connection |
Affected:
prior to 5.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:26:09.421Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#290720"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kaspersky VPN Secure Connection",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "prior to 5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The installer of Kaspersky VPN Secure Connection prior to 5.0 was vulnerable to arbitrary file deletion that could allow an attacker to delete any file in the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-02T19:28:24",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#290720"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2020-25043",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kaspersky VPN Secure Connection",
"version": {
"version_data": [
{
"version_value": "prior to 5.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The installer of Kaspersky VPN Secure Connection prior to 5.0 was vulnerable to arbitrary file deletion that could allow an attacker to delete any file in the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#290720",
"refsource": "MISC",
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#290720"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2020-25043",
"datePublished": "2020-09-02T19:28:24",
"dateReserved": "2020-08-31T00:00:00",
"dateUpdated": "2024-08-04T15:26:09.421Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27535 (GCVE-0-2022-27535)
Vulnerability from nvd – Published: 2022-08-05 16:47 – Updated: 2024-08-03 05:32
VLAI?
Summary
Kaspersky VPN Secure Connection for Windows version up to 21.5 was vulnerable to arbitrary file deletion via abuse of its 'Delete All Service Data And Reports' feature by the local authenticated attacker.
Severity ?
No CVSS data available.
CWE
- Local Privilege Escalation (LPE)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Kaspersky VPN Secure Connection for Windows |
Affected:
prior to 21.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.299Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.kaspersky.com/topic/kaspersky-statement-on-cve-2022-27535-26742/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kaspersky VPN Secure Connection for Windows",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "prior to 21.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kaspersky VPN Secure Connection for Windows version up to 21.5 was vulnerable to arbitrary file deletion via abuse of its \u0027Delete All Service Data And Reports\u0027 feature by the local authenticated attacker."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Local Privilege Escalation (LPE)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-09T19:55:41",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.kaspersky.com/topic/kaspersky-statement-on-cve-2022-27535-26742/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2022-27535",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kaspersky VPN Secure Connection for Windows",
"version": {
"version_data": [
{
"version_value": "prior to 21.6"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kaspersky VPN Secure Connection for Windows version up to 21.5 was vulnerable to arbitrary file deletion via abuse of its \u0027Delete All Service Data And Reports\u0027 feature by the local authenticated attacker."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Local Privilege Escalation (LPE)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822",
"refsource": "MISC",
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822"
},
{
"name": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/",
"refsource": "MISC",
"url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/"
},
{
"name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822",
"refsource": "MISC",
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822"
},
{
"name": "https://forum.kaspersky.com/topic/kaspersky-statement-on-cve-2022-27535-26742/",
"refsource": "MISC",
"url": "https://forum.kaspersky.com/topic/kaspersky-statement-on-cve-2022-27535-26742/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2022-27535",
"datePublished": "2022-08-05T16:47:46",
"dateReserved": "2022-03-21T00:00:00",
"dateUpdated": "2024-08-03T05:32:59.299Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25043 (GCVE-0-2020-25043)
Vulnerability from nvd – Published: 2020-09-02 19:28 – Updated: 2024-08-04 15:26
VLAI?
Summary
The installer of Kaspersky VPN Secure Connection prior to 5.0 was vulnerable to arbitrary file deletion that could allow an attacker to delete any file in the system.
Severity ?
No CVSS data available.
CWE
- Denial of Service (DoS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Kaspersky VPN Secure Connection |
Affected:
prior to 5.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:26:09.421Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#290720"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kaspersky VPN Secure Connection",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "prior to 5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The installer of Kaspersky VPN Secure Connection prior to 5.0 was vulnerable to arbitrary file deletion that could allow an attacker to delete any file in the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-02T19:28:24",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#290720"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2020-25043",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kaspersky VPN Secure Connection",
"version": {
"version_data": [
{
"version_value": "prior to 5.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The installer of Kaspersky VPN Secure Connection prior to 5.0 was vulnerable to arbitrary file deletion that could allow an attacker to delete any file in the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#290720",
"refsource": "MISC",
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#290720"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2020-25043",
"datePublished": "2020-09-02T19:28:24",
"dateReserved": "2020-08-31T00:00:00",
"dateUpdated": "2024-08-04T15:26:09.421Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}