This vulnerability allows for unauthenticated attackers, or authenticated users, with network access to the TMUI, through the BIG-IP management port and/or Self IPs, to execute arbitrary system commands, create or delete files, disable services, and/or execute arbitrary Java code. This vulnerability may result in complete system compromise. The BIG-IP system in Appliance mode is also vulnerable. This issue is not exposed on the data plane; only the control plane is affected.
The security bug involves a remote code execution (RCE) vulnerability in the management interface of BIG-IP known as the Traffic Management User Interface (TMUI). The mitigation rule for Apache httpd suggests that one possible way to exploit this vulnerability involves an HTTP GET request containing a semicolon character in the URI. On a Linux command line, a semicolon signals to the interpreter that a command has finished, and it is a character the vulnerability needs in order to be triggered. To further the analysis, the tested IoT botnet author can add a scanning capability to existing and/or new malware variants via this Yara rule
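The semicolon-in-URI request described above can also be hunted for in the management interface's access logs. The following is an added example, not code from the original article and separate from the Yara rule it mentions: it flags requests whose URI carries a semicolon, whether raw, percent-encoded or double-encoded. The Apache combined log format, the function names and every sample line and path are constructed assumptions.

```python
import re

# Assumed format: Apache combined log, 'client - - [time] "METHOD URI PROTO" status size'
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so %3b and %253b both surface as ';'."""
    from urllib.parse import unquote
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def semicolon_location(uri):
    """Return 'path' or 'query' when that part of the URI holds ';', else None."""
    path, _, query = uri.partition("?")
    if ";" in decode_fully(path):
        return "path"
    if ";" in decode_fully(query):
        return "query"
    return None

def scan(lines):
    """Return (client, method, uri, status, location) for every flagged request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        client, method, uri, status = m.groups()
        where = semicolon_location(uri)
        if where:
            hits.append((client, method, uri, status, where))
    return hits

# Constructed sample lines; addresses are documentation ranges, paths are placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /tmui/login.jsp HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /tmui/placeholder;/example.jsp HTTP/1.1" 200 312',
    '198.51.100.7 - - [01/Jan/2024:10:00:06 +0000] "GET /tmui/placeholder%3b/example.jsp HTTP/1.1" 404 0',
    '198.51.100.9 - - [01/Jan/2024:10:00:09 +0000] "GET /tmui/placeholder%253B/example.jsp HTTP/1.1" 404 0',
    '192.0.2.10 - - [01/Jan/2024:10:00:12 +0000] "GET /tmui/page.jsp?name=a%3Bb HTTP/1.1" 200 88',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Hits in the path with a 200 status deserve attention first; semicolons in a query string are more often legitimate, so the location is reported separately to help triage.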