FKIE_CVE-2024-13614

Vulnerability from fkie_nvd - Published: 2025-02-06 17:15 - Updated: 2025-02-06 17:15
Severity ?
5.3 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
Summary
Kaspersky has fixed a security issue in Kaspersky Anti-Virus SDK for Windows, Kaspersky Security for Virtualization Light Agent, Kaspersky Endpoint Security for Windows, Kaspersky Small Office Security, Kaspersky for Windows (Standard, Plus, Premium), Kaspersky Free, Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Security Cloud, Kaspersky Safe Kids, Kaspersky Anti-Ransomware Tool that could allow an authenticated attacker to write data to a limited area outside the allocated kernel memory buffer. The fix was installed automatically for all Kaspersky Endpoint products.
References
vulnerability@kaspersky.comhttps://support.kaspersky.com/vulnerability/list-of-advisories/12430#060225
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Kaspersky has fixed a security issue in Kaspersky Anti-Virus SDK for Windows, Kaspersky Security for Virtualization Light Agent, Kaspersky Endpoint Security for Windows, Kaspersky Small Office Security, Kaspersky for Windows (Standard, Plus, Premium), Kaspersky Free, Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Security Cloud, Kaspersky Safe Kids, Kaspersky Anti-Ransomware Tool that could allow an authenticated attacker to write data to a limited area outside the allocated kernel memory buffer. The fix was installed automatically for all Kaspersky Endpoint products."
    },
    {
      "lang": "es",
      "value": "Kaspersky ha corregido un problema de seguridad en Kaspersky Anti-Virus SDK para Windows, Kaspersky Security for Virtualization Light Agent, Kaspersky Endpoint Security para Windows, Kaspersky Small Office Security, Kaspersky para Windows (Standard, Plus, Premium), Kaspersky Free, Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Security Cloud, Kaspersky Safe Kids y Kaspersky Anti-Ransomware Tool que pod\u00eda permitir que un atacante autenticado escribiera datos en un \u00e1rea limitada fuera del b\u00fafer de memoria del n\u00facleo asignado. La correcci\u00f3n se instal\u00f3 autom\u00e1ticamente para todos los productos Kaspersky Endpoint."
    }
  ],
  "id": "CVE-2024-13614",
  "lastModified": "2025-02-06T17:15:18.080",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 4.2,
        "source": "vulnerability@kaspersky.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-02-06T17:15:18.080",
  "references": [
    {
      "source": "vulnerability@kaspersky.com",
      "url": "https://support.kaspersky.com/vulnerability/list-of-advisories/12430#060225"
    }
  ],
  "sourceIdentifier": "vulnerability@kaspersky.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        }
      ],
      "source": "vulnerability@kaspersky.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.