F5 Networks BIG-IP : BIG-IP IPsec tunnel endpoint vulnerability (K05263202)
Medium Nessus Plugin ID 118623
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionWhen the BIG-IP system is configured with a wildcard IPsec tunnel
endpoint, it may allow a remote attacker to disrupt or impersonate the
tunnels that have completed phase 1 IPsec negotiations. The attacker
must possess the necessary credentials to negotiate the phase 1 of the
IPsec exchange to exploit this vulnerability; in many environments,
this limits the attack surface to other endpoints under the same
A remote attacker may be able to disrupt or impersonate the tunnels
that have completed phase 1 IPsec negotiations.
SolutionUpgrade to one of the non-vulnerable versions listed in the F5