CVE-2019-15689
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud prior to version 2020 patch E have bug that allows a local user to execute arbitrary code via execution compromised file placed by an attacker with administrator rights. No privilege escalation. Possible whitelisting bypass some of the security products
Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud versiones anteriores a 2020 parche E, presentan un error que permite a un usuario local ejecutar código arbitrario por medio de un archivo de ejecución comprometido colocado por parte de un atacante con derechos de administrador. Sin escalada de privilegios. Una posible lista blanca omite algunos de los productos de seguridad
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-08-27 CVE Reserved
- 2019-12-02 CVE Published
- 2019-12-18 First Exploit
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-668: Exposure of Resource to Wrong Sphere
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
https://support.kaspersky.com/general/vulnerability.aspx?el=12430#021219 | Broken Link | |
https://www.symantec.com/security-center/vulnerabilities/writeup/111033 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://safebreach.com/Post/Kaspersky-Secure-Connection-DLL-Preloading-and-Potential-Abuses-CVE-2019-15689 | 2019-12-18 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Kaspersky Search vendor "Kaspersky" | Kaspersky Internet Security Search vendor "Kaspersky" for product "Kaspersky Internet Security" | 2019 Search vendor "Kaspersky" for product "Kaspersky Internet Security" and version "2019" | - |
Affected
| ||||||
Kaspersky Search vendor "Kaspersky" | Kaspersky Internet Security Search vendor "Kaspersky" for product "Kaspersky Internet Security" | 2019 Search vendor "Kaspersky" for product "Kaspersky Internet Security" and version "2019" | patch_f |
Affected
| ||||||
Kaspersky Search vendor "Kaspersky" | Kaspersky Internet Security Search vendor "Kaspersky" for product "Kaspersky Internet Security" | 2019 Search vendor "Kaspersky" for product "Kaspersky Internet Security" and version "2019" | patch_i |
Affected
| ||||||
Kaspersky Search vendor "Kaspersky" | Kaspersky Internet Security Search vendor "Kaspersky" for product "Kaspersky Internet Security" | 2019 Search vendor "Kaspersky" for product "Kaspersky Internet Security" and version "2019" | patch_j |
Affected
| ||||||
Kaspersky Search vendor "Kaspersky" | Secure Connection Search vendor "Kaspersky" for product "Secure Connection" | 3.0 Search vendor "Kaspersky" for product "Secure Connection" and version "3.0" | - |
Affected
| ||||||
Kaspersky Search vendor "Kaspersky" | Secure Connection Search vendor "Kaspersky" for product "Secure Connection" | 4.0 Search vendor "Kaspersky" for product "Secure Connection" and version "4.0" | - |
Affected
| ||||||
Kaspersky Search vendor "Kaspersky" | Security Cloud Search vendor "Kaspersky" for product "Security Cloud" | 2019 Search vendor "Kaspersky" for product "Security Cloud" and version "2019" | - |
Affected
| ||||||
Kaspersky Search vendor "Kaspersky" | Security Cloud Search vendor "Kaspersky" for product "Security Cloud" | 2019 Search vendor "Kaspersky" for product "Security Cloud" and version "2019" | patch_i |
Affected
| ||||||
Kaspersky Search vendor "Kaspersky" | Security Cloud Search vendor "Kaspersky" for product "Security Cloud" | 2019 Search vendor "Kaspersky" for product "Security Cloud" and version "2019" | patch_j |
Affected
| ||||||
Kaspersky Search vendor "Kaspersky" | Security Cloud Search vendor "Kaspersky" for product "Security Cloud" | 2020 Search vendor "Kaspersky" for product "Security Cloud" and version "2020" | - |
Affected
| ||||||
Kaspersky Search vendor "Kaspersky" | Total Security Search vendor "Kaspersky" for product "Total Security" | 2019 Search vendor "Kaspersky" for product "Total Security" and version "2019" | - |
Affected
| ||||||
Kaspersky Search vendor "Kaspersky" | Total Security Search vendor "Kaspersky" for product "Total Security" | 2019 Search vendor "Kaspersky" for product "Total Security" and version "2019" | patch_f |
Affected
| ||||||
Kaspersky Search vendor "Kaspersky" | Total Security Search vendor "Kaspersky" for product "Total Security" | 2019 Search vendor "Kaspersky" for product "Total Security" and version "2019" | patch_i |
Affected
| ||||||
Kaspersky Search vendor "Kaspersky" | Total Security Search vendor "Kaspersky" for product "Total Security" | 2019 Search vendor "Kaspersky" for product "Total Security" and version "2019" | patch_j |
Affected
| ||||||
Kaspersky Search vendor "Kaspersky" | Total Security Search vendor "Kaspersky" for product "Total Security" | 2020 Search vendor "Kaspersky" for product "Total Security" and version "2020" | - |
Affected
|