How severe is CVE-2019-16007?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2019-16007?

This is classified as CWE-345, which is a common weakness in software security.

CVE-2019-16007 - MEDIUM Severity | CVSS 5.9

Vulnerability Description

A vulnerability in the inter-service communication of Cisco AnyConnect Secure Mobility Client for Android could allow an unauthenticated, local attacker to perform a service hijack attack on an affected device or cause a denial of service (DoS) condition. The vulnerability is due to the use of implicit service invocations. An attacker could exploit this vulnerability by persuading a user to install a malicious application. A successful exploit could allow the attacker to access confidential user information or cause a DoS condition on the AnyConnect application.

Related Vulnerabilities

CVE-2015-8254

MEDIUM

CVSS:5.9(Medium)

The Frontel protocol before 3 on RSI Video Technologies Videofied devices does not use integrity protection, which makes it easier for man-in-the-middle attackers to (1) initiate a false alarm or (2) ...

CWE-3452015

CVE-2019-18905

MEDIUM

CVSS:5.9(Medium)

A Insufficient Verification of Data Authenticity vulnerability in autoyast2 of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows remote attackers to MITM connections when depreca...

CWE-3452019

CVE-2019-5291

MEDIUM

CVSS:5.9(Medium)

Some Huawei products have an insufficient verification of data authenticity vulnerability. A remote, unauthenticated attacker has to intercept specific packets between two devices, modify the packets,...

CWE-3452019

CVE-2021-38597

MEDIUM

CVSS:5.9(Medium)

wolfSSL before 4.8.1 incorrectly skips OCSP verification in certain situations of irrelevant response data that contains the NoCheck extension.

CWE-3452021

CVE-2022-39199

MEDIUM

CVSS:5.9(Medium)

immudb is a database with built-in cryptographic proof and verification. immudb client SDKs use server's UUID to distinguish between different server instance so that the client can connect to differe...

CWE-3452022

CVE-2023-46445

MEDIUM

CVSS:5.9(Medium)

An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message (RFC 8308) via a man-in-the-middle attack, aka a "Rogue Extension Negotiation."

CWE-3452023