CVE-2017-6156

When the F5 BIG-IP 12.1.0-12.1.1, 11.6.0-11.6.1, 11.5.1-11.5.5, or 11.2.1 system is configured with a wildcard IPSec tunnel endpoint, it may allow a remote attacker to disrupt or impersonate the tunnels that have completed phase 1 IPSec negotiations. To exploit this vulnerability, the attacker must possess the credentials necessary to negotiate phase 1 of the IPSec exchange; in many environments this limits the attack surface to other endpoints under the same administration.

  • Published: Apr 13, 2018
  • Updated: Apr 13, 2023
  • CVE: CVE-2017-6156
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 6.4
  • AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H

CVSS v2:

  • Severity: Medium
  • Score: 6
  • AV:N/AC:M/Au:S/C:P/I:P/A:P

No CWE or OWASP classifications available.

| Software | From | Fixed in |
|---|---|---|
| f5 / big-ip_local_traffic_manager | 11.6.1 | 11.6.1.x |
| f5 / big-ip_local_traffic_manager | 11.2.1 | 11.2.1.x |
| f5 / big-ip_local_traffic_manager | 11.5.1 | 11.5.5.x |
| f5 / big-ip_local_traffic_manager | 12.1.0 | 12.1.1.x |
| f5 / big-ip_application_acceleration_manager | 11.6.1 | 11.6.1.x |
| f5 / big-ip_application_acceleration_manager | 11.2.1 | 11.2.1.x |
| f5 / big-ip_application_acceleration_manager | 11.5.1 | 11.5.5.x |
| f5 / big-ip_application_acceleration_manager | 12.1.0 | 12.1.1.x |
| f5 / big-ip_advanced_firewall_manager | 11.2.1 | 11.2.1.x |
| f5 / big-ip_advanced_firewall_manager | 11.6.1 | 11.6.1.x |
| f5 / big-ip_advanced_firewall_manager | 11.5.1 | 11.5.5.x |
| f5 / big-ip_advanced_firewall_manager | 12.1.0 | 12.1.1.x |
| f5 / big-ip_analytics | 11.2.1 | 11.2.1.x |
| f5 / big-ip_analytics | 11.6.1 | 11.6.1.x |
| f5 / big-ip_analytics | 11.5.1 | 11.5.5.x |
| f5 / big-ip_analytics | 12.1.0 | 12.1.1.x |
| f5 / big-ip_access_policy_manager | 11.2.1 | 11.2.1.x |
| f5 / big-ip_access_policy_manager | 11.6.1 | 11.6.1.x |
| f5 / big-ip_access_policy_manager | 11.5.1 | 11.5.5.x |
| f5 / big-ip_access_policy_manager | 12.1.0 | 12.1.1.x |
| f5 / big-ip_application_security_manager | 11.6.1 | 11.6.1.x |
| f5 / big-ip_application_security_manager | 11.2.1 | 11.2.1.x |
| f5 / big-ip_application_security_manager | 11.5.1 | 11.5.5.x |
| f5 / big-ip_application_security_manager | 12.1.0 | 12.1.1.x |
| f5 / big-ip_edge_gateway | 11.2.1 | 11.2.1.x |
| f5 / big-ip_edge_gateway | 11.6.1 | 11.6.1.x |
| f5 / big-ip_edge_gateway | 11.5.1 | 11.5.5.x |
| f5 / big-ip_edge_gateway | 12.1.0 | 12.1.1.x |
| f5 / big-ip_global_traffic_manager | 11.6.1 | 11.6.1.x |
| f5 / big-ip_global_traffic_manager | 11.2.1 | 11.2.1.x |
| f5 / big-ip_global_traffic_manager | 11.5.1 | 11.5.5.x |
| f5 / big-ip_global_traffic_manager | 12.1.0 | 12.1.1.x |
| f5 / big-ip_link_controller | 11.6.1 | 11.6.1.x |
| f5 / big-ip_link_controller | 11.2.1 | 11.2.1.x |
| f5 / big-ip_link_controller | 11.5.1 | 11.5.5.x |
| f5 / big-ip_link_controller | 12.1.0 | 12.1.1.x |
| f5 / big-ip_policy_enforcement_manager | 11.6.1 | 11.6.1.x |
| f5 / big-ip_policy_enforcement_manager | 11.2.1 | 11.2.1.x |
| f5 / big-ip_policy_enforcement_manager | 11.5.1 | 11.5.5.x |
| f5 / big-ip_policy_enforcement_manager | 12.1.0 | 12.1.1.x |
| f5 / big-ip_webaccelerator | 11.2.1 | 11.2.1.x |
| f5 / big-ip_webaccelerator | 11.6.1 | 11.6.1.x |
| f5 / big-ip_webaccelerator | 11.5.1 | 11.5.5.x |
| f5 / big-ip_webaccelerator | 12.1.0 | 12.1.1.x |
| f5 / big-ip_websafe | 11.6.1 | 11.6.1.x |
| f5 / big-ip_websafe | 11.2.1 | 11.2.1.x |
| f5 / big-ip_websafe | 11.5.1 | 11.5.5.x |
| f5 / big-ip_websafe | 12.1.0 | 12.1.1.x |
| f5 / big-ip_domain_name_system | 11.6.1 | 11.6.1.x |
| f5 / big-ip_domain_name_system | 11.2.1 | 11.2.1.x |
| f5 / big-ip_domain_name_system | 11.5.1 | 11.5.5.x |
| f5 / big-ip_domain_name_system | 12.1.0 | 12.1.1.x |