// For flags

CVE-2019-15689

 

Severity Score

6.7
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud prior to version 2020 patch E have bug that allows a local user to execute arbitrary code via execution compromised file placed by an attacker with administrator rights. No privilege escalation. Possible whitelisting bypass some of the security products

Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud versiones anteriores a 2020 parche E, presentan un error que permite a un usuario local ejecutar código arbitrario por medio de un archivo de ejecución comprometido colocado por parte de un atacante con derechos de administrador. Sin escalada de privilegios. Una posible lista blanca omite algunos de los productos de seguridad

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-08-27 CVE Reserved
  • 2019-12-02 CVE Published
  • 2019-12-18 First Exploit
  • 2023-03-08 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-668: Exposure of Resource to Wrong Sphere
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Kaspersky
Search vendor "Kaspersky"
Kaspersky Internet Security
Search vendor "Kaspersky" for product "Kaspersky Internet Security"
2019
Search vendor "Kaspersky" for product "Kaspersky Internet Security" and version "2019"
-
Affected
Kaspersky
Search vendor "Kaspersky"
Kaspersky Internet Security
Search vendor "Kaspersky" for product "Kaspersky Internet Security"
2019
Search vendor "Kaspersky" for product "Kaspersky Internet Security" and version "2019"
patch_f
Affected
Kaspersky
Search vendor "Kaspersky"
Kaspersky Internet Security
Search vendor "Kaspersky" for product "Kaspersky Internet Security"
2019
Search vendor "Kaspersky" for product "Kaspersky Internet Security" and version "2019"
patch_i
Affected
Kaspersky
Search vendor "Kaspersky"
Kaspersky Internet Security
Search vendor "Kaspersky" for product "Kaspersky Internet Security"
2019
Search vendor "Kaspersky" for product "Kaspersky Internet Security" and version "2019"
patch_j
Affected
Kaspersky
Search vendor "Kaspersky"
Secure Connection
Search vendor "Kaspersky" for product "Secure Connection"
3.0
Search vendor "Kaspersky" for product "Secure Connection" and version "3.0"
-
Affected
Kaspersky
Search vendor "Kaspersky"
Secure Connection
Search vendor "Kaspersky" for product "Secure Connection"
4.0
Search vendor "Kaspersky" for product "Secure Connection" and version "4.0"
-
Affected
Kaspersky
Search vendor "Kaspersky"
Security Cloud
Search vendor "Kaspersky" for product "Security Cloud"
2019
Search vendor "Kaspersky" for product "Security Cloud" and version "2019"
-
Affected
Kaspersky
Search vendor "Kaspersky"
Security Cloud
Search vendor "Kaspersky" for product "Security Cloud"
2019
Search vendor "Kaspersky" for product "Security Cloud" and version "2019"
patch_i
Affected
Kaspersky
Search vendor "Kaspersky"
Security Cloud
Search vendor "Kaspersky" for product "Security Cloud"
2019
Search vendor "Kaspersky" for product "Security Cloud" and version "2019"
patch_j
Affected
Kaspersky
Search vendor "Kaspersky"
Security Cloud
Search vendor "Kaspersky" for product "Security Cloud"
2020
Search vendor "Kaspersky" for product "Security Cloud" and version "2020"
-
Affected
Kaspersky
Search vendor "Kaspersky"
Total Security
Search vendor "Kaspersky" for product "Total Security"
2019
Search vendor "Kaspersky" for product "Total Security" and version "2019"
-
Affected
Kaspersky
Search vendor "Kaspersky"
Total Security
Search vendor "Kaspersky" for product "Total Security"
2019
Search vendor "Kaspersky" for product "Total Security" and version "2019"
patch_f
Affected
Kaspersky
Search vendor "Kaspersky"
Total Security
Search vendor "Kaspersky" for product "Total Security"
2019
Search vendor "Kaspersky" for product "Total Security" and version "2019"
patch_i
Affected
Kaspersky
Search vendor "Kaspersky"
Total Security
Search vendor "Kaspersky" for product "Total Security"
2019
Search vendor "Kaspersky" for product "Total Security" and version "2019"
patch_j
Affected
Kaspersky
Search vendor "Kaspersky"
Total Security
Search vendor "Kaspersky" for product "Total Security"
2020
Search vendor "Kaspersky" for product "Total Security" and version "2020"
-
Affected