CVE-2019-1853— Cisco AnyConnect Secure Mobility Client for Linux Out-of-Bounds Memory Read Vulnerability
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2019-1853
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco AnyConnect Secure Mobility Client for Linux Out-of-Bounds Memory Read Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability in the HostScan component of Cisco AnyConnect Secure Mobility Client for Linux could allow an unauthenticated, remote attacker to read sensitive information on an affected system. The vulnerability exists because the affected software performs improper bounds checks. An attacker could exploit this vulnerability by crafting HTTP traffic for the affected component to download and process. A successful exploit could allow the attacker to read sensitive information on the affected system.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
跨界内存读
Source: NVD (National Vulnerability Database)
Vulnerability Title
Cisco AnyConnect Secure Mobility Client for Linux HostScan组件缓冲区错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Cisco AnyConnect Secure Mobility Client for Linux是美国思科(Cisco)公司的一款基于Linux平台的可通过任何设备安全访问网络和应用的安全移动客户端。HostScan是其中的一个网络主机扫描组件。 基于Linux平台的Cisco AnyConnect Secure Mobility Client 4.6(2074)版本中的HostScan组件存在缓冲区错误漏洞。该漏洞源于网络系统或产品在内存上执行操作时,未正确验证数据边界,导致向关联的其他内存位置上执行
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Cisco | Cisco AnyConnect Secure Mobility Client | unspecified ~ n/a | - |
II. Public POCs for CVE-2019-1853
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2019-1853
请登录查看更多情报信息。
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-anyconnectclient-oob-readvendor-advisoryx_refsource_CISCO
- https://nvd.nist.gov/vuln/detail/CVE-2019-1853
Same Patch Batch · Cisco · 2019-05-16 · 18 CVEs total
| CVE-2019-1832 | Cisco Firepower Threat Defense Software Detection Engine Policy Bypass Vulnerability | |
| CVE-2019-1825 | Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL Injection Vulnerab | |
| CVE-2019-1824 | Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL Injection Vulnerab | |
| CVE-2019-1823 | Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution | |
| CVE-2019-1822 | Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution | |
| CVE-2019-1821 | Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution | |
| CVE-2019-1820 | Cisco Prime Infrastructure and Evolved Programmable Network Manager Path Traversal Vulnera | |
| CVE-2019-1819 | Cisco Prime Infrastructure and Evolved Programmable Network Manager Path Traversal Vulnera | |
| CVE-2019-1818 | Cisco Prime Infrastructure and Evolved Programmable Network Manager Path Traversal Vulnera | |
| CVE-2019-1780 | Cisco FXOS and NX-OS Software Command Injection Vulnerability | |
| CVE-2019-1860 | Cisco Unified Intelligence Center Remote File Injection Vulnerability | |
| CVE-2019-1858 | Cisco FXOS and NX-OS Software Simple Network Management Protocol Denial of Service Vulnera | |
| CVE-2019-1851 | Cisco Identity Services Engine Arbitrary Client Certificate Creation Vulnerability | |
| CVE-2019-1849 | Cisco IOS XR Software BGP MPLS-Based EVPN Denial of Service Vulnerability | |
| CVE-2019-1846 | Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers MPLS OAM Deni | |
| CVE-2019-1833 | Cisco Firepower Threat Defense Software SSL/TLS Policy Bypass Vulnerability | |
| CVE-2019-1768 | Cisco NX-OS Software Buffer Overflow and Command Injection Vulnerability |
IV. Related Vulnerabilities
Same product: Cisco AnyConnect Secure Mobility Client
- CVE-2021-40124
Cisco AnyConnect Secure Mobility Client for Windows with Net - CVE-2021-34788
Cisco AnyConnect Secure Mobility Client for Linux and Mac OS - CVE-2021-1567
Cisco AnyConnect Secure Mobility Client for Windows with VPN - CVE-2021-1568
Cisco AnyConnect Secure Mobility Client for Windows Denial o - CVE-2021-1519
Cisco AnyConnect Secure Mobility Client Profile Modification
Same vendor: Cisco
- CVE-2026-20224
Cisco Catalyst SD-WAN Manager XML External Entity Injection - CVE-2026-20210
Cisco Catalyst SD-WAN Manager Privilege Escalation Vulnerabi - CVE-2026-20209
Cisco Catalyst SD-WAN Manager Privilege Escalation Vulnerabi - CVE-2026-20182
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulne - CVE-2026-20219
Cisco Slido 安全漏洞
V. Comments for CVE-2019-1853
No comments yet