← volver
CVE-2019-16007

Cisco AnyConnect Secure Mobility Client for Android Service Hijack Vulnerability

CVSS 5.9 MEDIUMEPSS 0.4%CWE-345
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 5.9EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
23 sep 2020Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A vulnerability in the inter-service communication of Cisco AnyConnect Secure Mobility Client for Android could allow an unauthenticated, local attacker to perform a service hijack attack on an affected device or cause a denial of service (DoS) condition. The vulnerability is due to the use of implicit service invocations. An attacker could exploit this vulnerability by persuading a user to install a malicious application. A successful exploit could allow the attacker to access confidential user information or cause a DoS condition on the AnyConnect application.
CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Productos afectados
Cisco · Cisco AnyConnect Secure Mobility Client

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-anyconnect-hijack