Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2017-6156

EPSS 0.39% · P60
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2017-6156

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
When the F5 BIG-IP 12.1.0-12.1.1, 11.6.0-11.6.1, 11.5.1-11.5.5, or 11.2.1 system is configured with a wildcard IPSec tunnel endpoint, it may allow a remote attacker to disrupt or impersonate the tunnels that have completed phase 1 IPSec negotiations. The attacker must possess the necessary credentials to negotiate the phase 1 of the IPSec exchange to exploit this vulnerability; in many environment this limits the attack surface to other endpoints under the same administration.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
多款F5产品安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
F5 BIG-IP LTM等都是美国F5公司的产品。F5 BIG-IP LTM是一款本地流量管理器;BIG-IP AAM是一款应用程序加速管理器。 多款F5产品中存在安全漏洞。当系统配置有通配符IPSec通道端点时,远程攻击者可通过获取必要的证书利用该漏洞中断或冒充通道。以下产品和版本受到影响:F5 BIG-IP LTM 12.1.0版本至12.1.1版本,11.6.0版本至11.6.1版本,11.5.1版本至11.5.5版本,11.2.1版本;BIG-IP AAM 12.1.0版本至12.1.1版本,1
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
F5 Networks, Inc.BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) 12.1.0-12.1.1 -

II. Public POCs for CVE-2017-6156

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2017-6156

登录查看更多情报信息。

Same Patch Batch · F5 Networks, Inc. · 2018-04-13 · 10 CVEs total

CVE-2017-6143F5 BIG-IP AFM和ASM 安全漏洞
CVE-2017-6148多款F5产品安全漏洞
CVE-2017-6155多款F5产品安全漏洞
CVE-2017-6158多款F5产品Traffic Management Microkernel 安全漏洞
CVE-2018-5506多款F5产品apache_auth_token_mod和mod_auth_f5_auth_token.cpp Apache模块安全漏洞
CVE-2018-5507多款F5产品安全漏洞
CVE-2018-5508F5 BIG-IP PEM 安全漏洞
CVE-2018-5510多款F5产品Traffic Management Microkernel 安全漏洞
CVE-2018-5511多款F5产品安全漏洞

IV. Related Vulnerabilities

Same product: BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe)
Same vendor: F5 Networks, Inc.

V. Comments for CVE-2017-6156

No comments yet

Leave a comment