CVE-2019-15689
MEDIUMKaspersky Secure Connection/Internet Security/Total Security/Security Cloud - Unauthenticated Arbitrary Code Execution
Title source: llmDescription
Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud prior to version 2020 patch E have bug that allows a local user to execute arbitrary code via execution compromised file placed by an attacker with administrator rights. No privilege escalation. Possible whitelisting bypass some of the security products
References (3)
Core 3
Core References
Broken Link x_refsource_confirm
https://support.kaspersky.com/general/vulnerability.aspx?el=12430#021219
Exploit, Third Party Advisory
https://safebreach.com/Post/Kaspersky-Secure-Connection-DLL-Preloading-and-Potential-Abuses-CVE-2019-15689
Third Party Advisory
https://www.symantec.com/security-center/vulnerabilities/writeup/111033
Scores
CVSS v3
6.7
EPSS
0.0077
EPSS Percentile
50.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-668
Status
published
Products (7)
kaspersky/kaspersky_internet_security
2019 (4 CPE variants)
kaspersky/secure_connection
3.0
kaspersky/secure_connection
4.0
kaspersky/security_cloud
2019 (3 CPE variants)
kaspersky/security_cloud
2020
kaspersky/total_security
2019 (4 CPE variants)
kaspersky/total_security
2020
Published
Dec 02, 2019
Tracked Since
Feb 18, 2026