CVE-2022-27534
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
01/04/2022
Last modified:
08/04/2022
Description
Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security with antivirus databases released before 12 March 2022 had a bug in a data parsing module that potentially allowed an attacker to execute arbitrary code. The fix was delivered automatically. Credits: Georgy Zaytsev (Positive Technologies).
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:kaspersky:anti-virus:*:*:*:*:*:*:*:* | 12.03.2022 (excluding) | |
cpe:2.3:a:kaspersky:endpoint_security:*:*:*:*:*:*:*:* | 12.03.2022 (excluding) | |
cpe:2.3:a:kaspersky:internet_security:*:*:*:*:*:*:*:* | 12.03.2022 (excluding) | |
cpe:2.3:a:kaspersky:security_cloud:*:*:*:*:*:*:*:* | 12.03.2022 (excluding) | |
cpe:2.3:a:kaspersky:small_office_security:*:*:*:*:*:*:*:* | 12.03.2022 (excluding) | |
cpe:2.3:a:kaspersky:total_security:*:*:*:*:*:*:*:* | 12.03.2022 (excluding) |
To consult the complete list of CPE names with products and versions, see this page