An attacker with access to the device communication between the BIG-IP ASM Central Policy Builder and the BIG-IQ/Enterprise Manager/F5 iWorkflow will be able to set up the proxy the same way and intercept the traffic. (CVE-2019-6665)
Impact
BIG-IP ASM / BIG-IQ / Enterprise Manager / F5 iWorkflow
With access to the authentication token, the attacker will be able to impersonate the BIG-IP ASM Central Policy Builder and send corrupted or incorrect suggestion data to the BIG-IQ/Enterprise Manager/F5 iWorkflow. This may lead to incorrect policy building suggestions or a partial denial-of-service (DoS).
BIG-IP (LTM, AAM, AFM, Analytics, APM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) / Traffix SDC
There is no impact; these F5 products are not affected by this vulnerability.