This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services. There is no data plane exposure; this is a control plane issue only.
Security Advisory Status
F5 Product Development has assigned IDs 1033837, 1051561, and 1052837 (BIG-IP) to this vulnerability. This issue has been classified as CWE-306: Missing Authentication for Critical Function.