CVE-2017-6156 | Date: (C)2018-04-24 (M)2023-12-22 |
When the F5 BIG-IP 12.1.0-12.1.1, 11.6.0-11.6.1, 11.5.1-11.5.5, or 11.2.1 system is configured with a wildcard IPSec tunnel endpoint, it may allow a remote attacker to disrupt or impersonate the tunnels that have completed phase 1 IPSec negotiations. The attacker must possess the necessary credentials to negotiate the phase 1 of the IPSec exchange to exploit this vulnerability; in many environment this limits the attack surface to other endpoints under the same administration.
CVSS Score and Metrics +CVSS Score and Metrics -CVSS V3 Severity: | CVSS V2 Severity: |
CVSS Score : 6.4 | CVSS Score : 6.0 |
Exploit Score: 1.6 | Exploit Score: 6.8 |
Impact Score: 4.7 | Impact Score: 6.4 |
|
CVSS V3 Metrics: | CVSS V2 Metrics: |
Attack Vector: NETWORK | Access Vector: NETWORK |
Attack Complexity: HIGH | Access Complexity: MEDIUM |
Privileges Required: LOW | Authentication: SINGLE |
User Interaction: NONE | Confidentiality: PARTIAL |
Scope: UNCHANGED | Integrity: PARTIAL |
Confidentiality: LOW | Availability: PARTIAL |
Integrity: LOW | |
Availability: HIGH | |
| |