Lucene search

CiscoCVELIST:CVE-2019-1853

HistoryMay 15, 2019 - 12:00 a.m.

CVE-2019-1853 Cisco AnyConnect Secure Mobility Client for Linux Out-of-Bounds Memory Read Vulnerability

2019-05-1500:00:00

CWE-125

cisco

www.cve.org

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

7.4 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.1%

JSON

A vulnerability in the HostScan component of Cisco AnyConnect Secure Mobility Client for Linux could allow an unauthenticated, remote attacker to read sensitive information on an affected system. The vulnerability exists because the affected software performs improper bounds checks. An attacker could exploit this vulnerability by crafting HTTP traffic for the affected component to download and process. A successful exploit could allow the attacker to read sensitive information on the affected system.

CNA Affected

[
  {
    "product": "Cisco AnyConnect Secure Mobility Client ",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "n/a",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.securityfocus.com/bid/108364

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-anyconnectclient-oob-read

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

7.4 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.1%

JSON

Related for CVELIST:CVE-2019-1853