A vulnerability has been discovered in F5 BIG-IP Next Central Manager that could allow for remote code execution. BIG-IP Next Central Manager is the management and application orchestration platform used to control BIG-IP Next instances. It can be installed on dedicated hardware or virtualized through VMware ESXi. Successful exploitation of this vulnerability could allow for Remote Code Execution in the context of the affected service account. Depending on the privileges associated with the service account, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Services accounts that are configured to have less rights on the system could be less impacted than those who operate with administrative user rights.

Read More