Security Advisory Description
Incorrect permission assignment vulnerabilities exist in the iControl REST and TMOS shell (tmsh) dig command which may allow an authenticated attacker with resource administrator role privilege to view sensitive information. (CVE-2023-22326)
Impact
An authenticated attacker with resource administrator role privilege may exploit these vulnerabilities by sending a crafted request remotely through iControl REST and locally through a crafted tmsh command. If the exploit is successful, an attacker can view sensitive information. There is no data plane exposure; this is a control plane issue only.