IPSec Tunneling Vulnerability in F5 BIG-IP Products
CVE-2017-6156

6.4MEDIUM

Key Information:

Vendor: F5
Status: Big-ip (ltm, Aam, Afm, Analytics, Apm, Asm, Dns, Edge Gateway, Gtm, Link Controller, Pem, Webaccelerator, Websafe)
Vendor: CVE Published:; 13 April 2018

What is CVE-2017-6156?

This vulnerability affects F5 BIG-IP systems when configured with wildcard IPSec tunnel endpoints. A remote attacker, armed with valid credentials, can disrupt or impersonate established tunnels that have completed phase 1 IPSec negotiations. This situation is particularly concerning as it limits the attack surface to endpoints managed within the same administrative domain, potentially exposing sensitive data and compromising network integrity.

Affected Version(s)

BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) 12.1.0-12.1.1

BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) 11.6.0-11.6.1

BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) 11.5.1-11.5.5

References

https://support.f5.com/csp/article/K05263202

x_refsource_CONFIRM

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 13, 2018
Vulnerability Reserved
Feb 21, 2017