If this inquiry is in relation to the CVE, know that whether or not you're using iControl REST, it's by default accessible on the system on the management interface and self IPs if port 443 is allowed. If that's the case, 1) disable self IP access immediately if not patched, 2) protect/inspect/analyze for your internal management access, and 3) patch!!
iControl REST uses REpresentational State Transfer (REST) to interact with F5. It will help to quickly get up and running with scripts that can lighten your workload via automation, help prevent potential issues by monitoring and preventing disaster before it strikes, silently tuning your deployment to fit your application’s needs without human intervention and more. Anything that you’re able to accomplish from the command line you can leverage programmatically via iControl REST.