When running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, using an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. (CVE-2022-35243)
Impact
In Appliance mode, an authenticated user with valid user credentials assigned the Administrator role may be able to bypass Appliance mode restrictions. This is a control plane issue; there is no data plane exposure. Appliance mode is enforced by a specific license or may be enabled or disabled for individual Virtual Clustered Multiprocessing (vCMP) guest instances.
For more information about Appliance mode, refer to K12815: Overview of Appliance mode.