An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which
may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Credits
F5 acknowledges researchers who would like to remain anonymous for bringing this issue to our attention and following the highest standards of coordinated disclosure.
