A cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. (CVE-2020-27719)
Impact
An attacker can exploit this vulnerability to run JavaScript in the context of the currently logged-in user. When successfully exploiting this vulnerability in the context of an administrative user with access to the Advanced Shell (bash), an attacker can completely compromise the BIG-IP system through remote code execution.