F5 BIG-IQ is vulnerable to an input validation attack that allows an authenticated user to escalate their privileges to those of another user. An authenticated user with 0 roles can thereby take on the roles of, say, admin or root. The user could then change the password of any other user (without logging out). If SSH is enabled (which it is by default), the user could change the root user’s password and log in over SSH.
More here: http://volatile-minds.blogspot.com/2014/05/f5-big-iq-v41020130-authenticated.html