Vulnerability in Cisco AnyConnect Secure Mobility Client for Android Allows Service Hijack Attack and DoS

Vulnerability in Cisco AnyConnect Secure Mobility Client for Android Allows Service Hijack Attack and DoS

CVE-2019-16007 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

A vulnerability in the inter-service communication of Cisco AnyConnect Secure Mobility Client for Android could allow an unauthenticated, local attacker to perform a service hijack attack on an affected device or cause a denial of service (DoS) condition. The vulnerability is due to the use of implicit service invocations. An attacker could exploit this vulnerability by persuading a user to install a malicious application. A successful exploit could allow the attacker to access confidential user information or cause a DoS condition on the AnyConnect application.

Learn more about our Cis Benchmark Audit For Cisco.