Security Advisory Description
An authenticated attacker granted a Viewer or Auditor role on a BIG-IQ system can upload arbitrary files using an undisclosed iControl REST endpoint. (CVE-2023-29240)
Impact
This vulnerability may allow an authenticated attacker with network access to iControl REST to create arbitrary files on the file system, limited to a single fixed directory. The attacker may be able to exhaust space on the mount point containing that directory and impact the ability of the administrator to create new configuration objects. There is no data plane exposure; this is a control plane issue only.