Lucene search

CiscoCVELIST:CVE-2019-16007

HistorySep 23, 2020 - 12:26 a.m.

CVE-2019-16007 Cisco AnyConnect Secure Mobility Client for Android Service Hijack Vulnerability

2020-09-2300:26:45

CWE-345

cisco

www.cve.org

cisco anyconnect

android

service hijack

vulnerability

dos

CVSS3

5.9

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

26.9%

JSON

A vulnerability in the inter-service communication of Cisco AnyConnect Secure Mobility Client for Android could allow an unauthenticated, local attacker to perform a service hijack attack on an affected device or cause a denial of service (DoS) condition. The vulnerability is due to the use of implicit service invocations. An attacker could exploit this vulnerability by persuading a user to install a malicious application. A successful exploit could allow the attacker to access confidential user information or cause a DoS condition on the AnyConnect application.

CNA Affected

[
  {
    "product": "Cisco AnyConnect Secure Mobility Client",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-anyconnect-hijack

CVSS3

5.9

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

26.9%

JSON

Related for CVELIST:CVE-2019-16007