Lucene search

CiscoCVELIST:CVE-2019-1853

HistoryMay 16, 2019 - 1:20 a.m.

CVE-2019-1853 Cisco AnyConnect Secure Mobility Client for Linux Out-of-Bounds Memory Read Vulnerability

2019-05-1601:20:28

CWE-125

cisco

www.cve.org

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

AI Score

7.4

Confidence

High

EPSS

0.003

Percentile

70.1%

JSON

A vulnerability in the HostScan component of Cisco AnyConnect Secure Mobility Client for Linux could allow an unauthenticated, remote attacker to read sensitive information on an affected system. The vulnerability exists because the affected software performs improper bounds checks. An attacker could exploit this vulnerability by crafting HTTP traffic for the affected component to download and process. A successful exploit could allow the attacker to read sensitive information on the affected system.

CNA Affected

[
  {
    "product": "Cisco AnyConnect Secure Mobility Client",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "n/a",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.securityfocus.com/bid/108364

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-anyconnectclient-oob-read

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

AI Score

7.4

Confidence

High

EPSS

0.003

Percentile

70.1%

JSON

Related for CVELIST:CVE-2019-1853