Arbitrary File Deletion Vulnerability in Kaspersky VPN Secure Connection for Windows

Arbitrary File Deletion Vulnerability in Kaspersky VPN Secure Connection for Windows

CVE-2022-27535 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Kaspersky VPN Secure Connection for Windows version up to 21.5 was vulnerable to arbitrary file deletion via abuse of its 'Delete All Service Data And Reports' feature by the local authenticated attacker.

Learn more about our Web Application Penetration Testing UK.