Cisco AnyConnect Secure Mobility Client for Linux Out-of-Bounds Memory Read Vulnerability
CVE-2019-1853

4.8 MEDIUM

Key Information:

Vendor: Cisco
CVE Published: 16 May 2019

Badges

👾 Exploit Exists

Summary

A vulnerability in the HostScan component of Cisco AnyConnect Secure Mobility Client for Linux could allow an unauthenticated, remote attacker to read sensitive information on an affected system. The vulnerability exists because the affected software performs improper bounds checks. An attacker could exploit this vulnerability by crafting HTTP traffic for the affected component to download and process. A successful exploit could allow the attacker to read sensitive information on the affected system.

Affected Version(s)

Cisco AnyConnect Secure Mobility Client < unspecified

CVSS V3.1

Score: 4.8
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved
