Forum Discussion
This is very good document for reference: https://devcentral.f5.com/s/articles/Traffic-Management-User-Interface-Vulnerability-How-to-fix-it?srcHeader
Kb Article : https://support.f5.com/csp/article/K52145254
Samir, I have already gone through this document but this does not answer my query. One of my colleagues spoke to TAC and narrated me that as per TAC this vulnerability may allow (let's say an L1 engineer) with no actual rights to modify the services, can actually modify them.
- nmb-AskF5Jul 13, 2020Employee
This is noted in the official Security Advisory, as of last week:
"Note: Authenticated users will still be able to exploit the vulnerability, independent of their privilege level."
Please refer to the official Security Advisory on AskF5 linked above for more detail on how to install a point release to patch the vulnerability. Thanks!