CVE-2019-15688

Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component did not adequately inform the user about the threat of redirecting to an untrusted site. Bypass.

CVSS v3 6.1 MEDIUM
CVSS v2.0 5.8 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

5.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1	Vendor Advisory
https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:kaspersky:anti-virus::::::::
	cpe:2.3:a:kaspersky:anti-virus:::::free:::*
	cpe:2.3:a:kaspersky:internet_security::::::::
	cpe:2.3:a:kaspersky:security_cloud::::::::
	cpe:2.3:a:kaspersky:small_office_security::::::::
	cpe:2.3:a:kaspersky:total_security::::::::

History

21 Nov 2024, 04:29

Type	Values Removed	Values Added
References	~~() https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1 - Vendor Advisory~~	() https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1 - Vendor Advisory

Information

Published : 2019-11-26 16:15

Updated : 2024-11-21 04:29

NVD link : CVE-2019-15688

Mitre link : CVE-2019-15688

CVE.ORG link : CVE-2019-15688

JSON object : View

Products Affected

kaspersky

security_cloud
small_office_security
total_security
internet_security
anti-virus

CWE

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

{"id": "CVE-2019-15688", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2019-11-26T16:15:12.243", "references": [{"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1", "tags": ["Vendor Advisory"], "source": "vulnerability@kaspersky.com"}, {"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-601"}]}], "descriptions": [{"lang": "en", "value": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component did not adequately inform the user about the threat of redirecting to an untrusted site. Bypass."}, {"lang": "es", "value": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud hasta el 2020, el componente web protection no inform\u00f3 adecuadamente al usuario sobre la amenaza de redireccionar a un sitio no seguro . Omisi\u00f3n."}], "lastModified": "2024-11-21T04:29:15.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:kaspersky:anti-virus:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8765E8CA-25D7-45C4-A2B6-3E1CAB48D4BC", "versionEndIncluding": "2020"}, {"criteria": "cpe:2.3:a:kaspersky:anti-virus:*:*:*:*:free:*:*:*", "vulnerable": true, "matchCriteriaId": "EE131770-352E-4D9A-BE68-AA02736FBC8A", "versionEndIncluding": "2020"}, {"criteria": "cpe:2.3:a:kaspersky:internet_security:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09282512-31CB-4248-B57A-9CC77ED62642", "versionEndIncluding": "2020"}, {"criteria": "cpe:2.3:a:kaspersky:security_cloud:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03CD0D9A-0787-4123-821D-89FB247FE002", "versionEndIncluding": "2020"}, {"criteria": "cpe:2.3:a:kaspersky:small_office_security:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B11ACD5-3CFA-45EB-8505-D686EBB1E5FC", "versionEndIncluding": "7"}, {"criteria": "cpe:2.3:a:kaspersky:total_security:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF1EF32C-3E9E-4CC6-90E0-D992FDEE984A", "versionEndIncluding": "2020"}], "operator": "OR"}]}], "sourceIdentifier": "vulnerability@kaspersky.com"}