Security Advisory Description
BIG-IP or BIG-IQ Resource Administrators and Certificate Managers who have access to the secure copy (scp) utility but do not have access to Advanced Shell (bash) can execute arbitrary commands with a specially crafted command string. This vulnerability is due to an incomplete fix for CVE-2020-5873. (CVE-2024-21782)
Impact
A local authenticated user can run arbitrary commands to gain access to restricted information, modify files, or cause a denial-of-service (DoS).