CVE-2019-15689

Published: Dic 02, 2019 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2019-6628 Aliases: GSD-2019-15689
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 6,7
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: high
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
MEDIUM 4,6
Source: [email protected]
Access Vector: local
Access Complexity: low
Authentication: none
Confidentiality: partial
Integrity: partial
Availability: partial

Description

AI Translation Available

Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud prior to version 2020 patch E have bug that allows a local user to execute arbitrary code via execution compromised file placed by an attacker with administrator rights. No privilege escalation. Possible whitelisting bypass some of the security products

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0006
Percentile
0,2th
Updated

EPSS Score Trend (Last 91 Days)

668

Exposure of Resource to Wrong Sphere

Draft
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality Integrity Other
Potential Impacts:
Read Application Data Modify Application Data Varies By Context
Applicable Platforms
All platforms may be affected
View CWE Details
Application

Security Cloud by Kaspersky

Product Information
Vendor Kaspersky
Product Security Cloud
Version 2019
cpe:2.3:a:kaspersky:security_cloud:2019:-:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Security Cloud by Kaspersky

Product Information
Vendor Kaspersky
Product Security Cloud
Version 2020
cpe:2.3:a:kaspersky:security_cloud:2020:-:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Secure Connection by Kaspersky

Product Information
Vendor Kaspersky
Product Secure Connection
Version 4.0
cpe:2.3:a:kaspersky:secure_connection:4.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Secure Connection by Kaspersky

Product Information
Vendor Kaspersky
Product Secure Connection
Version 3.0
cpe:2.3:a:kaspersky:secure_connection:3.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Kaspersky Internet Security by Kaspersky

Product Information
Vendor Kaspersky
Product Kaspersky Internet Security
Version 2019
cpe:2.3:a:kaspersky:kaspersky_internet_security:2019:-:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Total Security by Kaspersky

Product Information
Vendor Kaspersky
Product Total Security
Version 2019
cpe:2.3:a:kaspersky:total_security:2019:patch_f:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Total Security by Kaspersky

Product Information
Vendor Kaspersky
Product Total Security
Version 2019
cpe:2.3:a:kaspersky:total_security:2019:-:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Security Cloud by Kaspersky

Product Information
Vendor Kaspersky
Product Security Cloud
Version 2019
cpe:2.3:a:kaspersky:security_cloud:2019:patch_j:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Total Security by Kaspersky

Product Information
Vendor Kaspersky
Product Total Security
Version 2020
cpe:2.3:a:kaspersky:total_security:2020:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Kaspersky Internet Security by Kaspersky

Product Information
Vendor Kaspersky
Product Kaspersky Internet Security
Version 2019
cpe:2.3:a:kaspersky:kaspersky_internet_security:2019:patch_j:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Kaspersky Internet Security by Kaspersky

Product Information
Vendor Kaspersky
Product Kaspersky Internet Security
Version 2019
cpe:2.3:a:kaspersky:kaspersky_internet_security:2019:patch_f:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Total Security by Kaspersky

Product Information
Vendor Kaspersky
Product Total Security
Version 2019
cpe:2.3:a:kaspersky:total_security:2019:patch_i:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Kaspersky Internet Security by Kaspersky

Product Information
Vendor Kaspersky
Product Kaspersky Internet Security
Version 2019
cpe:2.3:a:kaspersky:kaspersky_internet_security:2019:patch_i:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Total Security by Kaspersky

Product Information
Vendor Kaspersky
Product Total Security
Version 2019
cpe:2.3:a:kaspersky:total_security:2019:patch_j:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Security Cloud by Kaspersky

Product Information
Vendor Kaspersky
Product Security Cloud
Version 2019
cpe:2.3:a:kaspersky:security_cloud:2019:patch_i:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://support.kaspersky.com/general/vulnerability.aspx?el…
Broken Link
https://support.kaspersky.com/general/vulnerability.aspx?el=12430#021219
https://safebreach.com/Post/Kaspersky-Secure-Connection-DLL…
Exploit Third Party Advisory
https://safebreach.com/Post/Kaspersky-Secure-Connection-DLL-Preloading-and-Pote…
https://www.symantec.com/security-center/vulnerabilities/wr…
Third Party Advisory
https://www.symantec.com/security-center/vulnerabilities/writeup/111033
https://support.kaspersky.com/general/vulnerability.aspx?el…
Broken Link
https://support.kaspersky.com/general/vulnerability.aspx?el=12430#021219