#VU38422 Missing Encryption of Sensitive Data in Kaspersky Internet Security - CVE-2017-12817


Updated: 2020-08-08

Vulnerability identifier: #VU38422

Vulnerability risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2017-12817

CWE-ID: CWE-311

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Kaspersky Internet Security
Client/Desktop applications / Antivirus software/Personal firewalls

Vendor: Kaspersky Lab

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

In Kaspersky Internet Security for Android 11.12.4.1622, some of the application trace files were not encrypted.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Kaspersky Internet Security: 11.12.4.1622


External links
https://www.securityfocus.com/bid/100504
https://support.kaspersky.com/vulnerability.aspx?el=12430#090817


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

