CVE-2019-16007 MEDIUM

CVE-2019-16007: Cisco AnyConnect Secure Mobility Client for Android Service Hijack Vulnerability

Vendor Cisco
Product Cisco AnyConnect Secure Mobility Client
Weakness CWE-345
Published September 23, 2020
Last update November 13, 2024

CVSS base score

5.9/10
Attack vector Physical
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity None

CVSS vector

CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

What the vulnerability does

01Description

A vulnerability in the inter-service communication of Cisco AnyConnect Secure Mobility Client for Android could allow an unauthenticated, local attacker to perform a service hijack attack on an affected device or cause a denial of service (DoS) condition. The vulnerability is due to the use of implicit service invocations. An attacker could exploit this vulnerability by persuading a user to install a malicious application. A successful exploit could allow the attacker to access confidential user information or cause a DoS condition on the AnyConnect application.

Key dates

02Disclosure timeline

September 23, 2020 CVE published
November 13, 2024 Record updated