Jump to content

Kaspersky statement on CVE-2022-27535

Recommended Posts

Kaspersky statement on CVE-2022-27535 fixed in Kaspersky VPN Secure Connection

The Kaspersky team has closed a vulnerability in the Kaspersky VPN Secure Connection that allowed an authenticated attacker to trigger arbitrary file deletion in the system. It could lead to device malfunction or the removal of important system files required for correct system operation. To execute this attack, an intruder had to create a specific file and convince users to run "Delete all service data and reports" or "Save report on your computer" product features.

To fix the vulnerability, the Kaspersky team recommends users check the app version they are running and install the latest one: https://www.kaspersky.com/vpn-secure-connection#installation

We would like to thank security researcher Ben Ronallo, who discovered the issue and responsibly reported it to Kaspersky.

The affected versions of Kaspersky VPN:

•           Kaspersky VPN Secure Connection prior to 21.6

Attributable to Kaspersky

Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in

Sign In Now

  • Create New...