A directory traversal vulnerability exists in iControl SOAP that allows an authenticated attacker with at least guest role privileges to read wsdl files in the BIG-IP file system. (CVE-2022-29474)
Impact
An authenticated attacker with at least guest role privileges may exploit this vulnerability by sending a crafted request to iControl SOAP. If the exploit is successful, an attacker can read wsdl files in the BIG-IP file system. There is no data plane exposure; this is a control plane issue only.