The BIG-IP CLI and Web Management Interface are vulnerable to remote code injection because the application fails to properly sanitize user-supplied input. Exploiting this issue may allow an attacker to execute arbitrary code with the privileges of the user running the affected application.
Important: The exploitation risk of this vulnerability is considered to be low, as exploitation requires the user to have a valid authenticated management session. A privileged user should not paste arbitrary or untrusted commands into the BIG-IP system.
Information about this advisory is available at the following location:
Note: This link takes you to a resource outside of AskF5, and it is possible that the information may be removed without our knowledge.
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6474>
F5 Product Development tracked this issue as CR97806, and it was fixed in version 9.4.5. For information about upgrading, refer to the BIG-IP LTM, GTM, ASM, Link Controller, or WebAccelerator release notes.