An authenticated attacker with access to iControl REST over the control plane may be able to take advantage of a race condition to execute commands with an elevated privilege level. This vulnerability is due to an incomplete fix for CVE-2017-6167. (CVE-2021-22974).
Impact
An attacker can exploit the vulnerability to obtain restricted information, modify files, or cause a denial-of-service (DoS).