PT-2019-2290 · Cisco · Cisco Anyconnect Secure Mobility Client
Robert Scott
·
Published
2019-05-15
·
Updated
2019-10-09
·
CVE-2019-1853
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Cisco AnyConnect Secure Mobility Client for Linux (affected versions not specified)
Description
A vulnerability in the HostScan component could allow an unauthenticated, remote attacker to read sensitive information on an affected system. The issue exists due to improper bounds checks, allowing an attacker to exploit it by crafting HTTP traffic for the affected component to download and process. A successful exploit could allow the attacker to read sensitive information on the affected system. The vulnerability is related to a buffer overflow in memory, which can be exploited using specially crafted HTTP traffic.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cisco Anyconnect Secure Mobility Client