When running in Appliance mode, a command injection vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command which may allow an authenticated attacker with administrator role privileges to execute arbitrary system commands. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Credits
F5 acknowledges Matei "Mal" Badanoiu @ Deloitte for bringing this issue to our attention and following the highest standards of coordinated disclosure.
