CVE-2019-15689
Severity Score
6.7
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud prior to version 2020 patch E have bug that allows a local user to execute arbitrary code via execution compromised file placed by an attacker with administrator rights. No privilege escalation. Possible whitelisting bypass some of the security products
Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud versiones anteriores a 2020 parche E, presentan un error que permite a un usuario local ejecutar código arbitrario por medio de un archivo de ejecución comprometido colocado por parte de un atacante con derechos de administrador. Sin escalada de privilegios. Una posible lista blanca omite algunos de los productos de seguridad
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-08-27 CVE Reserved
- 2019-12-02 CVE Published
- 2019-12-18 First Exploit
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-668: Exposure of Resource to Wrong Sphere
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://support.kaspersky.com/general/vulnerability.aspx?el=12430#021219 | Broken Link | |
| https://www.symantec.com/security-center/vulnerabilities/writeup/111033 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://safebreach.com/Post/Kaspersky-Secure-Connection-DLL-Preloading-and-Potential-Abuses-CVE-2019-15689 | 2019-12-18 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Kaspersky Search vendor "Kaspersky" | Kaspersky Internet Security Search vendor "Kaspersky" for product "Kaspersky Internet Security" | 2019 Search vendor "Kaspersky" for product "Kaspersky Internet Security" and version "2019" | - |
Affected
| ||||||
| Kaspersky Search vendor "Kaspersky" | Kaspersky Internet Security Search vendor "Kaspersky" for product "Kaspersky Internet Security" | 2019 Search vendor "Kaspersky" for product "Kaspersky Internet Security" and version "2019" | patch_f |
Affected
| ||||||
| Kaspersky Search vendor "Kaspersky" | Kaspersky Internet Security Search vendor "Kaspersky" for product "Kaspersky Internet Security" | 2019 Search vendor "Kaspersky" for product "Kaspersky Internet Security" and version "2019" | patch_i |
Affected
| ||||||
| Kaspersky Search vendor "Kaspersky" | Kaspersky Internet Security Search vendor "Kaspersky" for product "Kaspersky Internet Security" | 2019 Search vendor "Kaspersky" for product "Kaspersky Internet Security" and version "2019" | patch_j |
Affected
| ||||||
| Kaspersky Search vendor "Kaspersky" | Secure Connection Search vendor "Kaspersky" for product "Secure Connection" | 3.0 Search vendor "Kaspersky" for product "Secure Connection" and version "3.0" | - |
Affected
| ||||||
| Kaspersky Search vendor "Kaspersky" | Secure Connection Search vendor "Kaspersky" for product "Secure Connection" | 4.0 Search vendor "Kaspersky" for product "Secure Connection" and version "4.0" | - |
Affected
| ||||||
| Kaspersky Search vendor "Kaspersky" | Security Cloud Search vendor "Kaspersky" for product "Security Cloud" | 2019 Search vendor "Kaspersky" for product "Security Cloud" and version "2019" | - |
Affected
| ||||||
| Kaspersky Search vendor "Kaspersky" | Security Cloud Search vendor "Kaspersky" for product "Security Cloud" | 2019 Search vendor "Kaspersky" for product "Security Cloud" and version "2019" | patch_i |
Affected
| ||||||
| Kaspersky Search vendor "Kaspersky" | Security Cloud Search vendor "Kaspersky" for product "Security Cloud" | 2019 Search vendor "Kaspersky" for product "Security Cloud" and version "2019" | patch_j |
Affected
| ||||||
| Kaspersky Search vendor "Kaspersky" | Security Cloud Search vendor "Kaspersky" for product "Security Cloud" | 2020 Search vendor "Kaspersky" for product "Security Cloud" and version "2020" | - |
Affected
| ||||||
| Kaspersky Search vendor "Kaspersky" | Total Security Search vendor "Kaspersky" for product "Total Security" | 2019 Search vendor "Kaspersky" for product "Total Security" and version "2019" | - |
Affected
| ||||||
| Kaspersky Search vendor "Kaspersky" | Total Security Search vendor "Kaspersky" for product "Total Security" | 2019 Search vendor "Kaspersky" for product "Total Security" and version "2019" | patch_f |
Affected
| ||||||
| Kaspersky Search vendor "Kaspersky" | Total Security Search vendor "Kaspersky" for product "Total Security" | 2019 Search vendor "Kaspersky" for product "Total Security" and version "2019" | patch_i |
Affected
| ||||||
| Kaspersky Search vendor "Kaspersky" | Total Security Search vendor "Kaspersky" for product "Total Security" | 2019 Search vendor "Kaspersky" for product "Total Security" and version "2019" | patch_j |
Affected
| ||||||
| Kaspersky Search vendor "Kaspersky" | Total Security Search vendor "Kaspersky" for product "Total Security" | 2020 Search vendor "Kaspersky" for product "Total Security" and version "2020" | - |
Affected
| ||||||