CVE-2019-1853 Information
Feb 14, 2021
cve
Description
A vulnerability in the HostScan component of Cisco AnyConnect Secure Mobility Client for Linux could allow an unauthenticated remote attacker to read sensitive information on an affected system. The vulnerability exists because the affected software performs improper bounds checks. An attacker could exploit this vulnerability by crafting HTTP traffic for the affected component to download and process. A successful exploit could allow the attacker to read sensitive information on the affected system.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Reference
http://www.securityfocus.com/bid/108364 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-anyconnectclient-oob-read
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
NONE
Base Score
NONE
Base Severity
7.5
Share on: