An authenticated attacker with high privileges can upload a maliciously crafted file to the BIG-IP AFM Configuration utility, which allows an attacker to run arbitrary commands. (CVE-2022-28695)
Impact
This vulnerability may allow an authenticated high-privilege attacker who has network access to the Configuration utility through the BIG-IP management port or self IP addresses to run arbitrary system commands, create or delete files, or disable services. There is no data plane exposure; this is a control plane issue only.