The CVE-2022-27535 local privilege-escalation security vulnerability in the security software threatens remote and work-from-home users.
August 4, 2022 By Tara Seals
A high-severity local privilege-escalation (LPE) vulnerability in Kaspersky's VPN Secure Connection for Microsoft Windows has been discovered, which would allow an attacker to gain administrative privileges and take full control over a victim's computer.
Tracked as CVE-2022-27535, the bug carries a high-severity CVSS score of 7.8 out of 10, according to an advisory out today from Synopsys, which discovered the issue. It exists in the Support Tools part of the application, and would allow an authenticated attacker to trigger arbitrary file deletion in the system.
