What is CVE-2015-4047?

CVE-2015-4047 is a vulnerability in F5 Big-ip_access_policy_manager, classified under NULL Pointer Dereference. Published 2015-05-29.

Is CVE-2015-4047 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

NULL pointer dereference in F5 Big-ip_access_policy_manager

CVE-2015-4047

racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests.

EPSS: 0.027 (86.1th percentile) — read the EPSS interpretation.

Affected products

F5 Big-ip_access_policy_manager — versions 13.0.0
F5 Big-ip_advanced_firewall_manager — versions 13.0.0
F5 Big-ip_analytics — versions 13.0.0
F5 Big-ip_application_acceleration_manager — versions 13.0.0
F5 Big-ip_application_security_manager — versions 13.0.0
F5 Big-ip_domain_name_system — versions 13.0.0
F5 Big-ip_edge_gateway
F5 Big-ip_global_traffic_manager
F5 Big-ip_link_controller — versions 13.0.0
F5 Big-ip_local_traffic_manager — versions 13.0.0

Weakness classification (CWE)

CWE-476 — NULL Pointer Dereference

Public proof-of-concept exploits

andir/nixos-issue-db-example

References

DSA-3272 (vendor-advisory, Third Party Advisory, x_refsource_DEBIAN)
20150520 Re: 0-day Denial of Service in IPsec-Tools (mailing-list, Exploit, x_refsource_FULLDISC, Mailing List, Third Party Advisory)
FEDORA-2015-8968 (x_refsource_FEDORA, vendor-advisory, Mailing List, Third Party Advisory)
20150519 0-day Denial of Service in IPsec-Tools (mailing-list, Exploit, x_refsource_FULLDISC, Mailing List, Third Party Advisory)
FEDORA-2015-8948 (x_refsource_FEDORA, vendor-advisory, Mailing List, Third Party Advisory)
cve@mitre.org (Exploit, Third Party Advisory, x_refsource_MISC)
1032397 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
[oss-security] 20150519 CVE Request: ipsec-tools (mailing-list, x_refsource_MLIST, Exploit, Mailing List, Third Party Advisory)
74739 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
cve@mitre.org (VDB Entry, Third Party Advisory, x_refsource_MISC)

Frequently asked questions

What is CVE-2015-4047?: CVE-2015-4047 is a vulnerability in F5 Big-ip_access_policy_manager, classified under NULL Pointer Dereference. Published 2015-05-29.
Is CVE-2015-4047 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.