When the BIG-IP system is configured with a wildcard IPsec tunnel endpoint, it may allow a remote attacker to disrupt or impersonate the tunnels that have completed phase 1 IPsec negotiations. The attacker must possess the necessary credentials to negotiate the phase 1 of the IPsec exchange to exploit this vulnerability; in many environments, this limits the attack surface to other endpoints under the same administration. (CVE-2017-6156)
Impact
A remote attacker may be able to disrupt or impersonate the tunnels that have completed phase 1 IPsec negotiations.