Cyber Resilience

CVE-2022-27534

Critical

Published: 01 April 2022

Modified: 21 November 2024
KEV Added:
Patch:
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0060 (70.1th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-27534 is a critical-severity vulnerability, of an unspecified weakness type, in Kaspersky Anti-Virus. Its CVSS base score is 9.8 (Critical).

Operationally, it is ranked in the top 29.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security with antivirus databases released before 12 March 2022 had a bug in a data parsing module that potentially allowed an attacker to execute arbitrary code. The fix was delivered automatically. Credits: Georgy Zaytsev (Positive Technologies).

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

kaspersky · anti-virus · ≤ 12.03.2022
kaspersky · endpoint security · ≤ 12.03.2022
kaspersky · internet security · ≤ 12.03.2022
kaspersky · security cloud · ≤ 12.03.2022
kaspersky · small office security · ≤ 12.03.2022
kaspersky · total security · ≤ 12.03.2022

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References