K08510472 : BIG-IP TMUI vulnerability CVE-2022-28695

Security Advisory Description

An authenticated attacker with high privileges can upload a maliciously crafted file to the BIG-IP AFM Configuration utility, which allows an attacker to run arbitrary commands. (CVE-2022-28695)

Impact

This vulnerability may allow an authenticated high-privilege attacker who has network access to the Configuration utility through the BIG-IP management port or self IP addresses to run arbitrary system commands, create or delete files, or disable services. There is no data plane exposure; this is a control plane issue only.