Security Advisory Description
When DNS is provisioned, an authenticated remote command execution vulnerability exists in DNS iQuery mesh. (CVE-2023-28742)
Impact
This vulnerability may allow an authenticated attacker with network access to the DNS iQuery mesh through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services. There is no data plane exposure; this is a control plane issue only.
Note: The impacted component,big3d, may be present on a BIG-IP system being monitored by a BIG-IP DNS cluster.