March 28, 2022: Kaspersky confirms vulnerability.Zeeshan Shaikh is a researcher from the Synopsys Cybersecurity Research Center. Kaspersky VPN Secure Connection 21.3.10.391 (h) ImpactĬVSS 3.1 vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Remediation Publication of CVE-2022-27535 is expected soon from Kaspersky. In the Support Tools part of the application, a regular user can use Delete service data and reports to remove a privileged folder.īased on this capability, an attacker can leverage Arbitrary Folder Delete to SYSTEM EoP to gain SYSTEM privileges. The Synopsys Cybersecurity Research Center (CyRC) team has identified a local privilege escalation vulnerability in Kaspersky VPN Secure Connection for Microsoft Windows. CVE-2022-27535 is a local privilege escalation vulnerability in Kaspersky VPN Secure Connection for Microsoft Windows.
0 kommentar(er)
