First published: Thu May 16 2019
A vulnerability in the HostScan component of Cisco AnyConnect Secure Mobility Client for Linux could allow an unauthenticated, remote attacker to read sensitive information on an affected system. The vulnerability exists because the affected software performs improper bounds checks. An attacker could exploit this vulnerability by crafting HTTP traffic for the affected component to download and process. A successful exploit could allow the attacker to read sensitive information on the affected system.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix
---|---|---
Cisco AnyConnect Secure Mobility Client | =4.6(2074) |
CVE-2019-1853 is a vulnerability in the HostScan component of Cisco AnyConnect Secure Mobility Client for Linux that could allow an unauthenticated, remote attacker to read sensitive information on an affected system.
CVE-2019-1853 occurs due to improper bounds checks performed by the affected software.
The severity of CVE-2019-1853 is high, with a CVSS score of 7.5.
An attacker can exploit CVE-2019-1853 by crafting HTTP traffic for the HostScan component to download and process, allowing them to read sensitive information on the affected system.
To fix CVE-2019-1853, users should upgrade to the latest version of Cisco AnyConnect Secure Mobility Client for Linux.