Security Advisory Description
An authenticated attacker with guest privileges or higher can cause the iControl SOAP process to terminate by sending undisclosed requests. (CVE-2023-38419)
Impact
The iControl SOAP daemon becomes unresponsive. This vulnerability allows an authenticated attacker with at least guest role privileges to send undisclosed requests and cause a denial-of-service (DoS) of the iControl SOAP service. There is no data plane exposure; this is a control plane issue only.