7.5

CVE-2016-5736

The default configuration of the IPsec IKE peer listener in F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.1 before HF16, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF2; BIG-IP AAM, AFM, and PEM 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF2; BIG-IP DNS 12.x before 12.0.0 HF2; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.1 before HF16; BIG-IP GTM 11.2.1 before HF16, 11.4.x, 11.5.x before 11.5.4 HF2, and 11.6.x before 11.6.1; and BIG-IP PSM 11.4.0 through 11.4.1 improperly enables the anonymous IPsec IKE peer configuration object, which allows remote attackers to establish an IKE Phase 1 negotiation and possibly conduct brute-force attacks against Phase 2 negotiations via unspecified vectors.

Data is provided by the National Vulnerability Database (NVD)
F5Big-ip Webaccelerator Version11.2.1
F5Big-ip Analytics Version11.2.1
F5Big-ip Analytics Version11.4.0
F5Big-ip Analytics Version11.4.1
F5Big-ip Analytics Version11.5.0
F5Big-ip Analytics Version11.5.1
F5Big-ip Analytics Version11.5.2
F5Big-ip Analytics Version11.5.3
F5Big-ip Analytics Version11.5.4
F5Big-ip Analytics Version11.6.0
F5Big-ip Analytics Version12.0.0
F5Big-ip Domain Name System Version12.0.0
F5Big-ip Edge Gateway Version11.2.1
F5Big-ip Access Policy Manager Version11.2.1
F5Big-ip Access Policy Manager Version11.4.0
F5Big-ip Access Policy Manager Version11.4.1
F5Big-ip Access Policy Manager Version11.5.0
F5Big-ip Access Policy Manager Version11.5.1
F5Big-ip Access Policy Manager Version11.5.2
F5Big-ip Access Policy Manager Version11.5.3
F5Big-ip Access Policy Manager Version11.5.4
F5Big-ip Access Policy Manager Version11.6.0
F5Big-ip Access Policy Manager Version12.0.0
F5Big-ip Local Traffic Manager Version11.2.1
F5Big-ip Local Traffic Manager Version11.4.0
F5Big-ip Local Traffic Manager Version11.4.1
F5Big-ip Local Traffic Manager Version11.5.0
F5Big-ip Local Traffic Manager Version11.5.1
F5Big-ip Local Traffic Manager Version11.5.2
F5Big-ip Local Traffic Manager Version11.5.3
F5Big-ip Local Traffic Manager Version11.5.4
F5Big-ip Local Traffic Manager Version11.6.0
F5Big-ip Local Traffic Manager Version12.0.0
F5Big-ip Websafe Version11.6.0
F5Big-ip Websafe Version12.0.0
F5Big-ip Global Traffic Manager Version11.2.1
F5Big-ip Global Traffic Manager Version11.4.0
F5Big-ip Global Traffic Manager Version11.4.1
F5Big-ip Global Traffic Manager Version11.5.0
F5Big-ip Global Traffic Manager Version11.5.1
F5Big-ip Global Traffic Manager Version11.5.2
F5Big-ip Global Traffic Manager Version11.5.3
F5Big-ip Global Traffic Manager Version11.5.4
F5Big-ip Global Traffic Manager Version11.6.0
F5Big-ip Link Controller Version11.2.1
F5Big-ip Link Controller Version11.4.0
F5Big-ip Link Controller Version11.4.1
F5Big-ip Link Controller Version11.5.0
F5Big-ip Link Controller Version11.5.1
F5Big-ip Link Controller Version11.5.2
F5Big-ip Link Controller Version11.5.3
F5Big-ip Link Controller Version11.5.4
F5Big-ip Link Controller Version11.6.0
F5Big-ip Link Controller Version12.0.0
F5Big-ip Access Policy Manager Version11.2.1
F5Big-ip Access Policy Manager Version11.4.0
F5Big-ip Access Policy Manager Version11.4.1
F5Big-ip Access Policy Manager Version11.5.0
F5Big-ip Access Policy Manager Version11.5.1
F5Big-ip Access Policy Manager Version11.5.2
F5Big-ip Access Policy Manager Version11.5.3
F5Big-ip Access Policy Manager Version11.5.4
F5Big-ip Access Policy Manager Version11.6.0
F5Big-ip Access Policy Manager Version12.0.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 1.13% 0.775
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

http://www.securitytracker.com/id/1036618
Third Party Advisory
VDB Entry