Lucene search
F5F5:K10133477HistoryAug 10, 2016 - 12:00 a.m.
K10133477 : BIG-IP IPsec IKE peer listener vulnerability CVE-2016-5736
2016-08-1000:00:00
my.f5.com
16
0.002 Low
EPSS
Percentile
53.3%
Security Advisory Description
The anonymous IPsec IKE peer configuration object is present and enabled in the default configuration. The settings of the anonymous IPsec IKE peer object allow an arbitrary peer to establish IKE phase 1 without certificate validation or a pre-shared key which may expose phase 2 negotiations to a brute force attack. (CVE-2016-5736)
Impact
For BIG-IP systems configured with IPsec tunnels, the default anonymous IPsec IKE peer configuration can allow a remote attacker to cause a denial-of-service (DoS) attack or inject traffic into local networks.
| CPE | Name | Operator | Version |
|---|---|---|---|
| big-ip afm | eq | 11.4.0 | |
| big-ip afm | eq | 11.4.1 | |
| big-ip afm | eq | 11.5.0 | |
| big-ip afm | eq | 11.5.1 | |
| big-ip afm | eq | 11.5.2 | |
| big-ip afm | eq | 11.5.3 | |
| big-ip afm | eq | 11.5.4 | |
| big-ip afm | eq | 11.6.0 | |
| big-ip afm | eq | 11.6.1 | |
| big-ip afm | eq | 12.0.0 |
Related
f5
f5
SOL10133477 - BIG-IP IPsec IKE peer listener vulnerability CVE-2016-5736
2016-08-10 00:00:00
openvas
openvas
F5 BIG-IP - BIG-IP IPsec IKE peer listener vulnerability CVE-2016-5736
2016-08-12 00:00:00
cvelist
cvelist
CVE-2016-5736
2016-08-19 21:00:00
nessus
nessus
nvd
nvd
CVE-2016-5736
2016-08-19 21:59:12
cve
cve
CVE-2016-5736
2016-08-19 21:59:12
prion
prion
Default configuration
2016-08-19 21:59:00