When the F5 BIG-IP 12.1.0-12.1.1, 11.6.0-11.6.1, 11.5.1-11.5.5, or 11.2.1 system is configured with a wildcard IPSec tunnel endpoint, it may allow a remote attacker to disrupt or impersonate the tunnels that have completed phase 1 IPSec negotiations. The attacker must possess the necessary credentials to negotiate the phase 1 of the IPSec exchange to exploit this vulnerability; in many environment this limits the attack surface to other endpoints under the same administration.
No CVSS v3.1
Attack Vector Network
Attack Complexity High
Privileges Required Low
Scope Unchanged
Confidentiality Impact Low
Integrity Impact Low
Availability Impact High
User Interaction None
Access Vector Network
Access Complexity Medium
Authentication Single
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial
AV:N/AC:M/Au:S/C:P/I:P/A:P
Vendors | Products |
---|---|
F5 |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
Configuration 3 [-]
|
Configuration 4 [-]
|
Configuration 5 [-]
|
Configuration 6 [-]
|
Configuration 7 [-]
|
Configuration 8 [-]
|
Configuration 9 [-]
|
Configuration 10 [-]
|
Configuration 11 [-]
|
Configuration 12 [-]
|
Configuration 13 [-]
|
References
Link | Resource |
---|---|
https://support.f5.com/csp/article/K05263202 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: f5
Published: 2018-04-12T00:00:00
Updated: 2018-04-13T12:57:01
Reserved: 2017-02-21T00:00:00
Link: CVE-2017-6156
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-04-13T13:29:00.377
Modified: 2019-10-03T00:03:26.223
Link: CVE-2017-6156
JSON object: View
Redhat Information
No data.
CWE