CVE-2019-15689
First published: Mon Dec 02 2019(Updated: )
Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud prior to version 2020 patch E have bug that allows a local user to execute arbitrary code via execution compromised file placed by an attacker with administrator rights. No privilege escalation. Possible whitelisting bypass some of the security products
Credit: vulnerability@kaspersky.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Kaspersky Internet Security 2010 | =2019 | |
| Kaspersky Internet Security 2010 | =2019-patch_f | |
| Kaspersky Internet Security 2010 | =2019-patch_i | |
| Kaspersky Internet Security 2010 | =2019-patch_j | |
| Kaspersky VPN Secure Connection | =3.0 | |
| Kaspersky VPN Secure Connection | =4.0 | |
| Kaspersky Security Cloud | =2019 | |
| Kaspersky Security Cloud | =2019-patch_i | |
| Kaspersky Security Cloud | =2019-patch_j | |
| Kaspersky Security Cloud | =2020 | |
| Kaspersky Total Security 2015 | =2019 | |
| Kaspersky Total Security 2015 | =2019-patch_f | |
| Kaspersky Total Security 2015 | =2019-patch_i | |
| Kaspersky Total Security 2015 | =2019-patch_j | |
| Kaspersky Total Security 2015 | =2020 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-15689?
CVE-2019-15689 has a medium severity rating due to the potential for local users to execute arbitrary code.
How do I fix CVE-2019-15689?
To fix CVE-2019-15689, update your Kaspersky software to the latest version or patch provided by Kaspersky.
What versions of Kaspersky are affected by CVE-2019-15689?
CVE-2019-15689 affects Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, and Kaspersky Security Cloud prior to version 2020 patch E.
What kind of attack does CVE-2019-15689 enable?
CVE-2019-15689 enables local users with administrator rights to execute arbitrary code through compromised files.
Is there a workaround for CVE-2019-15689 while waiting for a fix?
There is no official workaround for CVE-2019-15689; the best solution is to apply the available software updates.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/kaspersky
- canonical/kaspersky internet security 2010
- version/kaspersky internet security 2010/2019
- version/kaspersky internet security 2010/2019-patch_f
- version/kaspersky internet security 2010/2019-patch_i
- version/kaspersky internet security 2010/2019-patch_j
- canonical/kaspersky vpn secure connection
- version/kaspersky vpn secure connection/3.0
- version/kaspersky vpn secure connection/4.0
- canonical/kaspersky security cloud
- version/kaspersky security cloud/2019
- version/kaspersky security cloud/2019-patch_i
- version/kaspersky security cloud/2019-patch_j
- version/kaspersky security cloud/2020
- canonical/kaspersky total security 2015
- version/kaspersky total security 2015/2019
- version/kaspersky total security 2015/2019-patch_f
- version/kaspersky total security 2015/2019-patch_i
- version/kaspersky total security 2015/2019-patch_j
- version/kaspersky total security 2015/2020