CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-16007

A vulnerability in the inter-service communication of Cisco AnyConnect Secure Mobility Client for Android could allow an unauthenticated, local attacker to perform a service hijack attack on an affected device or cause a denial of service (DoS) condition. The vulnerability is due to the use of implicit service invocations. An attacker could exploit this vulnerability by persuading a user to install a malicious application. A successful exploit could allow the attacker to access confidential user information or cause a DoS condition on the AnyConnect application.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 39.3%

CVSS Severity

CVSS v3 Score 5.9

CVSS v2 Score 5.8

References

Products affected by CVE-2019-16007

Cisco » Anyconnect Secure Mobility Client » Version: 2.4.7030

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.4.7030
Cisco » Anyconnect Secure Mobility Client » Version: 2.4.7073

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.4.7073
Cisco » Anyconnect Secure Mobility Client » Version: 2.5.5116

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.5116
Cisco » Anyconnect Secure Mobility Client » Version: 2.5.5118

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.5118
Cisco » Anyconnect Secure Mobility Client » Version: 2.5.5125

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.5125
Cisco » Anyconnect Secure Mobility Client » Version: 2.5.5131

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.5131
Cisco » Anyconnect Secure Mobility Client » Version: 4.8.00820

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.8.00820

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-16007

Products

Pricing

Contact Us