CVE number = CVE-2021-22986
The iControl REST interface has an unauthenticated remote command execution vulnerability.
This vulnerability allows unauthenticated attackers with network access to the iControl REST interface, through the BIG-IP management interface and self IP addresses, to execute arbitrary system commands, create or delete files, and disable services. It can only be exploited through the control plane and cannot be exploited through the data plane. Exploitation can lead to complete system compromise. The BIG-IP system in Appliance mode is also vulnerable.
Note: If you believe your system may have been compromised, refer to K11438344: Considerations and guidance when you suspect a security compromise on a BIG-IP system.
To determine whether your product and version have been evaluated for this vulnerability, see https://support.f5.com/csp/article/K03009991