CVE-2020-25045

HIGH

Kaspersky Security Center < 12 - Uncontrolled Search Path

Title source: rule

Description

Installers of Kaspersky Security Center and Kaspersky Security Center Web Console prior to 12 & prior to 12 Patch A were vulnerable to a DLL hijacking attack that allowed an attacker to elevate privileges in the system.

References (1)

[Broken Link] https://support.kaspersky.com/general/vulnerability.aspx?el=12430#290720

Scores

CVSS v3 7.8

EPSS 0.0005

EPSS Percentile 15.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427

Status published

Affected Products (2)

kaspersky/security_center < 12

kaspersky/security_center_web_console < 12

Timeline

Published Sep 02, 2020

Tracked Since Feb 18, 2026