CVE-2024-13614

Description

Kaspersky has fixed a security issue in Kaspersky Anti-Virus SDK for Windows, Kaspersky Security for Virtualization Light Agent, Kaspersky Endpoint Security for Windows, Kaspersky Small Office Security, Kaspersky for Windows (Standard, Plus, Premium), Kaspersky Free, Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Security Cloud, Kaspersky Safe Kids, and Kaspersky Anti-Ransomware Tool that could allow an authenticated attacker to write data to a limited area outside the allocated kernel memory buffer. The fix was installed automatically for all Kaspersky Endpoint products.

Remediation

Solution:

  • To fix the vulnerability, upgrade the KAV SDK for Windows to the following version: Kaspersky Anti-Virus Software Development Kit 8 Level 3 v. 8.10.2.2098. Contact your Technical Account Manager to obtain the necessary instructions.
  • Install Kaspersky Security for Virtualization Light Agent 5.2.27.319 (with Kaspersky Security Components Installation Wizard 5.2.1.4005) or newer using the following URL: https://www.kaspersky.com/small-to-medium-business-security/downloads/virtualization-hybrid-cloud
  • The fix was installed automatically for Kaspersky Endpoint Security for Windows. To check for the fix, check the antivirus database update date; it should be November 6, 2024 or newer.
  • The fix was installed automatically for Kaspersky Small Office Security. To check for the fix, check the antivirus database update date; it should be November 6, 2024 or newer.
  • The fix was installed automatically for Kaspersky for Windows (Standard, Plus, Premium). To check for the fix, check the antivirus database update date; it should be November 6, 2024 or newer.
  • The fix was installed automatically for Kaspersky Free. To check for the fix, check the antivirus database update date; it should be November 6, 2024 or newer.
  • The fix was installed automatically for Kaspersky Anti-Virus. To check for the fix, check the antivirus database update date; it should be November 6, 2024 or newer.
  • The fix was installed automatically for Kaspersky Internet Security. To check for the fix, check the antivirus database update date; it should be November 6, 2024 or newer.
  • The fix was installed automatically for Kaspersky Security Cloud. To check for the fix, check the antivirus database update date; it should be November 6, 2024 or newer.
  • The fix was installed automatically for Kaspersky Safe Kids. To check for the fix, check the antivirus database update date; it should be November 6, 2024 or newer.
  • The fix was installed automatically for Kaspersky Anti-Ransomware Tool. To check for the fix, check the antivirus database update date; it should be November 6, 2024 or newer.

CVSS 3.1 score: 5.3
Severity: Medium
EPSS 0.02%
Vendor Advisory: kaspersky.com
Affected: Kaspersky Anti-Virus SDK for Windows
Affected: Kaspersky Security for Virtualization Light Agent
Affected: Kaspersky Endpoint Security for Windows
Affected: Kaspersky Small Office Security
Affected: Kaspersky for Windows (Standard, Plus, Premium)
Affected: Kaspersky Free
Affected: Kaspersky Anti-Virus
Affected: Kaspersky Internet Security
Affected: Kaspersky Security Cloud
Affected: Kaspersky Safe Kids
Affected: Kaspersky Anti-Ransomware Tool

Frequently Asked Questions

What is the severity of CVE-2024-13614?
CVE-2024-13614 has been scored as a medium severity vulnerability.
How to fix CVE-2024-13614?
To fix CVE-2024-13614, upgrade the KAV SDK for Windows to the following version: Kaspersky Anti-Virus Software Development Kit 8 Level 3 v. 8.10.2.2098. Contact your Technical Account Manager to obtain the necessary instructions.
Is CVE-2024-13614 being actively exploited in the wild?
As of now, there is no information to confirm that CVE-2024-13614 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-13614?
CVE-2024-13614 affects Kaspersky Anti-Virus SDK for Windows, Kaspersky Security for Virtualization Light Agent, Kaspersky Endpoint Security for Windows, Kaspersky Small Office Security, Kaspersky for Windows (Standard, Plus, Premium), Kaspersky Free, Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Security Cloud, Kaspersky Safe Kids, and Kaspersky Anti-Ransomware Tool.