CVE-2016-5736 in BIG-IPinformazioni

Riassunto

di MITRE

The default configuration of the IPsec IKE peer listener in F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.1 before HF16, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF2; BIG-IP AAM, AFM, and PEM 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF2; BIG-IP DNS 12.x before 12.0.0 HF2; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.1 before HF16; BIG-IP GTM 11.2.1 before HF16, 11.4.x, 11.5.x before 11.5.4 HF2, and 11.6.x before 11.6.1; and BIG-IP PSM 11.4.0 through 11.4.1 improperly enables the anonymous IPsec IKE peer configuration object, which allows remote attackers to establish an IKE Phase 1 negotiation and possibly conduct brute-force attacks against Phase 2 negotiations via unspecified vectors.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Prenotare

21/06/2016

Divulgazione

19/08/2016

Moderazione

accettato

CPE

pronto

EPSS

0.02267

KEV

no

Attività

molto basso

Settore

Pharma, Transportation, ...

Fonti

MITREhttps://www.cve.org/CVERecord?id=CVE-2016-5736
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2016-5736
CVE Detailshttps://www.cvedetails.com/cve/CVE-2016-5736/

PrecedenteVisione D'ensembleIl prossimo

Do you want to use VulDB in your project?

Use the official API to access entries easily!