The Synopsys Cybersecurity Research Center (CyRC) team has identified a local privilege escalation vulnerability in Kaspersky VPN Secure Connection for Microsoft Windows.
In the Support Tools part of the application, a regular user can use Delete service data and reports to remove a privileged folder. Based on this capability, an attacker can leverage Arbitrary Folder Delete to SYSTEM EoP to gain SYSTEM privileges, Synopsys researchers say.
According to Synopsys, the affected software includes Kaspersky VPN Secure Connection 220.127.116.111 (h), and the vulnerability has a CVSS score of 7.8. To remediate, Synopsys is urging Kaspersky users to upgrade their software to version 18.104.22.1683 or later.
Jonathan Knudsen, Head of Global Research at Synopsys Cybersecurity Research Center, explains that an attacker could somehow gain “access to a victim’s computer, whether through social engineering or some other technique. If the victim’s computer had a vulnerable version of the Kaspersky VPN on it, the attacker could then use the vulnerability to gain administrative privileges, at which point the attacker would have full control over the victim’s computer.”
A fully compromised computer would allow an attacker access to websites, credentials, files, and other sensitive information that could be useful by itself or in moving laterally inside a corporate network, Knudsen explains.
“We haven’t seen any exploitation of this vulnerability. Most likely, attackers will take note of it as a possible technique for elevation of privilege after access has been gained to a victim’s computer,” Knudsen says. “So, how does this fit in with VPN security trends as a whole? Software is software, no matter where it runs, even when it is security software like a VPN. All software has vulnerabilities; the key to releasing better, more secure software is using a holistic approach throughout the software development cycle.”
For more information, visit synopsys.com.