Jump to content

Kaspersky statement on CVE-2022-27535


Recommended Posts

Kaspersky statement on CVE-2022-27535 fixed in Kaspersky VPN Secure Connection

The Kaspersky team has closed a vulnerability in the Kaspersky VPN Secure Connection that allowed an authenticated attacker to trigger arbitrary file deletion in the system. It could lead to device malfunction or the removal of important system files required for correct system operation. To execute this attack, an intruder had to create a specific file and convince users to run "Delete all service data and reports" or "Save report on your computer" product features.

To fix the vulnerability, the Kaspersky team recommends users check the app version they are running and install the latest one: https://www.kaspersky.com/vpn-secure-connection#installation

We would like to thank security researcher Ben Ronallo, who discovered the issue and responsibly reported it to Kaspersky.

The affected versions of Kaspersky VPN:

•           Kaspersky VPN Secure Connection prior to 21.6

Attributable to Kaspersky

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share



×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.