Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
https://www.theregister.com/2024/03/22/china_f5_connectwise_unc5174/
https://www.mandiant.com/resources/blog/initial-access-brokers-exploit-f5-screenconnect
https://www.securityweek.com/attackers-exploiting-critical-f5-big-ip-vulnerability/