CVE-2019-16007

A vulnerability in the inter-service communication of Cisco AnyConnect Secure Mobility Client for Android could allow an unauthenticated, local attacker to perform a service hijack attack on an affected device or cause a denial of service (DoS) condition. The vulnerability is due to the use of implicit service invocations. An attacker could exploit this vulnerability by persuading a user to install a malicious application. A successful exploit could allow the attacker to access confidential user information or cause a DoS condition on the AnyConnect application.

Severity	HIGH
CVSS	7.1
CWE	CWE-345
KEV
Published	5 years ago
Modified	1 year ago

Related Products

Product	Advisory
Cisco Secure Client	cisco-sa-20200108-anyconnect-hijack
Cisco AnyConnect Secure Mobility Client	cisco-sa-20200108-anyconnect-hijack