CVE-2016-3142 Cisco AnyConnect Secure Mobility Client before 2.2.15, when Internet Protocol version 6 (IPv6) is enabled and a RADIUS server is configured, allows remote attackers to hijack the authentication prompt via a crafted response.
CVE-2016-3131 Cisco AnyConnect Secure Mobility Client before 2.2.15 does not enforce message signing requirements for incoming requests, which allows remote attackers to hijack requests via a crafted message.
CVE-2016-3057 Cisco AnyConnect Secure Mobility Client before 2.2.13, when Internet Protocol version 6 (IPv6) is enabled, allows remote attackers to cause a denial of service (connection failure) via crafted request data.
CVE-2016-3056 Cisco AnyConnect Secure Mobility Client before 2.2.13, when Internet Protocol version 6 (IPv6) is enabled, allows remote attackers to cause a denial of service (connection failure) via crafted request data.
CVE-2016-3055 Cisco AnyConnect Secure Mobility Client before 2.2.13, when Internet Protocol version 6 (IPv6) is enabled, allows remote attackers to cause a denial of service (connection failure) via crafted request data.
CVE-2016-3054 Cisco AnyConnect Secure Mobility Client before 2.2.13, when Internet Protocol version 6 (IPv6) is enabled, allows remote attackers to cause a denial of service (connection failure)
How to fix the vulnerability?
The vulnerability can be fixed by updating Cisco AnyConnect Secure Mobility Client to version 2.2.15 or later.
How do I detect if I'm vulnerable?
There are a few ways to detect if you are vulnerable.
If you're using Cisco AnyConnect Secure Mobility Client before 2.2.15, your system may be vulnerable if you're using IPv6 and have a RADIUS server configured.
If your system is running a version of Cisco AnyConnect Secure Mobility Client before 2.2.13, it may be vulnerable if you have Internet Protocol version 6 enabled and the client is configured to use IPv6.
Timeline
Published on: 03/26/2022 17:15:00 UTC
Last modified on: 03/31/2022 00:59:00 UTC