6.7
CVE-2019-15689
- EPSS 0.06%
- Published 02.12.2019 21:15:16
- Last modified 21.11.2024 04:29:15
- Source vulnerability@kaspersky.com
- Teams watchlist Login
- Open Login
Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud prior to version 2020 patch E have bug that allows a local user to execute arbitrary code via execution compromised file placed by an attacker with administrator rights. No privilege escalation. Possible whitelisting bypass some of the security products
Data is provided by the National Vulnerability Database (NVD)
Kaspersky ≫ Kaspersky Internet Security Version2019 Update-
Kaspersky ≫ Kaspersky Internet Security Version2019 Updatepatch_f
Kaspersky ≫ Kaspersky Internet Security Version2019 Updatepatch_i
Kaspersky ≫ Kaspersky Internet Security Version2019 Updatepatch_j
Kaspersky ≫ Secure Connection Version3.0
Kaspersky ≫ Secure Connection Version4.0
Kaspersky ≫ Security Cloud Version2019 Update-
Kaspersky ≫ Security Cloud Version2019 Updatepatch_i
Kaspersky ≫ Security Cloud Version2019 Updatepatch_j
Kaspersky ≫ Security Cloud Version2020 Update-
Kaspersky ≫ Total Security Version2019 Update-
Kaspersky ≫ Total Security Version2019 Updatepatch_f
Kaspersky ≫ Total Security Version2019 Updatepatch_i
Kaspersky ≫ Total Security Version2019 Updatepatch_j
Kaspersky ≫ Total Security Version2020
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.143 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.7 | 0.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 4.6 | 3.9 | 6.4 |
AV:L/AC:L/Au:N/C:P/I:P/A:P
|
CWE-668 Exposure of Resource to Wrong Sphere
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.