CVE-2019-16007

CWE-3454 documents4 sources
Severity
7.1HIGH
EPSS
0.3%
top 49.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Anyconnect Secure Mobility ClientCisco Cisco Anyconnect Secure Mobility Client
Timeline
PublishedSep 23
Latest updateMay 24

Description

A vulnerability in the inter-service communication of Cisco AnyConnect Secure Mobility Client for Android could allow an unauthenticated, local attacker to perform a service hijack attack on an affected device or cause a denial of service (DoS) condition. The vulnerability is due to the use of implicit service invocations. An attacker could exploit this vulnerability by persuading a user to install a malicious application. A successful exploit could allow the attacker to access confidential user

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-prgx-65ww-w7j5: A vulnerability in the inter-service communication of Cisco AnyConnect Secure Mobility Client for Android could allow an unauthenticated, local attack2022-05-24
CVEList
Cisco AnyConnect Secure Mobility Client for Android Service Hijack Vulnerability2020-09-23

📋Vendor Advisories

1
Cisco
Cisco AnyConnect Secure Mobility Client for Android Service Hijack Vulnerability2020-01-08