A cross-site request forgery (CSRF) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. This vulnerability allows an attacker to run a limited set of commands: ping, traceroute, and WOM diagnostics. (CVE-2022-1389)
Impact
An attacker may exploit this vulnerability by causing an authenticated user to send a crafted request to the BIG-IP Configuration utility. If successful, an attacker can run a limited set of ping, traceroute, and WOM diagnostics commands. This is a control plane issue; there is no data plane exposure.