First published: Wed May 15 2019
A vulnerability in the HostScan component of Cisco AnyConnect Secure Mobility Client for Linux could allow an unauthenticated, remote attacker to read sensitive information on an affected system. The vulnerability exists because the affected software performs improper bounds checks. An attacker could exploit this vulnerability by crafting HTTP traffic for the affected component to download and process. A successful exploit could allow the attacker to read sensitive information on the affected system. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-anyconnectclient-oob-read
Credit: Robert Scott.
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco AnyConnect Secure Mobility Client |
The severity of cisco-sa-20190515-anyconnectclient-oob-read is considered high due to its potential to allow unauthorized access to sensitive information.
To fix cisco-sa-20190515-anyconnectclient-oob-read, you should upgrade to the latest version of Cisco AnyConnect Secure Mobility Client where the vulnerability has been addressed.
The systems affected by cisco-sa-20190515-anyconnectclient-oob-read are those running the HostScan component of Cisco AnyConnect Secure Mobility Client for Linux.
cisco-sa-20190515-anyconnectclient-oob-read can be exploited by an unauthenticated, remote attacker.
The vulnerability cisco-sa-20190515-anyconnectclient-oob-read may allow an attacker to read sensitive information stored on the affected system.