CVE-2022-27947 An attacker can execute commands on R8500 devices with the ipv6_fix.cgi ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, or ipv6_lan_length parameter set to shell metacharacters.

CVE-2016-3142 Cisco AnyConnect Secure Mobility Client before 2.2.15, when Internet Protocol version 6 (IPv6) is enabled and a RADIUS server is configured, allows remote attackers to hijack the authentication prompt via a crafted response.

CVE-2016-3131 Cisco AnyConnect Secure Mobility Client before 2.2.15 does not enforce message signing requirements for incoming requests, which allows remote attackers to hijack requests via a crafted message.

CVE-2016-3057 Cisco AnyConnect Secure Mobility Client before 2.2.13, when Internet Protocol version 6 (IPv6) is enabled, allows remote attackers to cause a denial of service (connection failure) via crafted request data.

CVE-2016-3056 Cisco AnyConnect Secure Mobility Client before 2.2.13, when Internet Protocol version 6 (IPv6) is enabled, allows remote attackers to cause a denial of service (connection failure) via crafted request data.

CVE-2016-3055 Cisco AnyConnect Secure Mobility Client before 2.2.13, when Internet Protocol version 6 (IPv6) is enabled, allows remote attackers to cause a denial of service (connection failure) via crafted request data.

CVE-2016-3054 Cisco AnyConnect Secure Mobility Client before 2.2.13, when Internet Protocol version 6 (IPv6) is enabled, allows remote attackers to cause a denial of service (connection failure)

How to fix the vulnerability?

The vulnerability can be fixed by updating Cisco AnyConnect Secure Mobility Client to version 2.2.15 or later.

How do I detect if I'm vulnerable?

There are a few ways to detect if you are vulnerable.

If you're using Cisco AnyConnect Secure Mobility Client before 2.2.15, your system may be vulnerable if you're using IPv6 and have a RADIUS server configured.

If your system is running a version of Cisco AnyConnect Secure Mobility Client before 2.2.13, it may be vulnerable if you have Internet Protocol version 6 enabled and the client is configured to use IPv6.
