CVE-2017-6156: When the F5 BIG-IP 12.1.0-12.1.1, 11.6.0-11.6.1, 11.5.1-11.5.5, or 11.2.1 system is configured with a wildcard IPSec tunnel endpoint, it may allow a remote…

medium6.4CVSS 3.0

AVNACHPRLUINSUCLILAH

When the F5 BIG-IP 12.1.0-12.1.1, 11.6.0-11.6.1, 11.5.1-11.5.5, or 11.2.1 system is configured with a wildcard IPSec tunnel endpoint, it may allow a remote attacker to disrupt or impersonate the tunnels that have completed phase 1 IPSec negotiations. The attacker must possess the necessary credentials to negotiate the phase 1 of the IPSec exchange to exploit this vulnerability; in many environment this limits the attack surface to other endpoints under the same administration.

Affected

65 ranges· showing 25

Vendor	Product	Version range	Fixed in
f5	big-ip_aam	—	—
f5	big-ip_access_policy_manager	—	—
f5	big-ip_access_policy_manager	—	—
f5	big-ip_access_policy_manager	11.5.1 – 11.5.5	—
f5	big-ip_access_policy_manager	12.1.0 – 12.1.1	—
f5	big-ip_advanced_firewall_manager	—	—
f5	big-ip_advanced_firewall_manager	—	—
f5	big-ip_advanced_firewall_manager	11.5.1 – 11.5.5	—
f5	big-ip_advanced_firewall_manager	12.1.0 – 12.1.1	—
f5	big-ip_afm	—	—
f5	big-ip_analytics	—	—
f5	big-ip_analytics	—	—
f5	big-ip_analytics	—	—
f5	big-ip_analytics	11.5.1 – 11.5.5	—
f5	big-ip_analytics	12.1.0 – 12.1.1	—
f5	big-ip_apm	—	—
f5	big-ip_application_acceleration_manager	—	—
f5	big-ip_application_acceleration_manager	—	—
f5	big-ip_application_acceleration_manager	11.5.1 – 11.5.5	—
f5	big-ip_application_acceleration_manager	12.1.0 – 12.1.1	—
f5	big-ip_application_security_manager	—	—
f5	big-ip_application_security_manager	—	—
f5	big-ip_application_security_manager	11.5.1 – 11.5.5	—
f5	big-ip_application_security_manager	12.1.0 – 12.1.1	—
f5	big-ip_asm	—	—