Last week F5 released an update to its BIG-IP product, patching a vulnerability affecting the iControl REST API. This is significant because there is a strong likelihood of abuse for remote code execution (RCE).
According to F5: This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services. There is no data plane exposure; this is a control plane issue only.
On its site, F5 provides recommended actions for patching. We want to stress the importance of network segmentation, as this vulnerability is likely to be abused if the management interface on the device is not properly isolated.
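One way to audit the self IP side of this exposure, as an added example that is not from F5 or from the original post: it parses `tmsh list net self`-style output and flags self IPs whose port lockdown (`allow-service`) admits HTTPS. The sample configuration is constructed, and treating `default` as including tcp:443 is an assumption.

```python
import re

# Constructed sample in the style of `tmsh list net self` output (not from the page).
SAMPLE = """\
net self external_self {
    address 203.0.113.10/24
    allow-service all
    vlan external
}
net self internal_self {
    address 10.1.20.1/24
    allow-service {
        default
    }
    vlan internal
}
net self ha_self {
    address 10.1.30.1/24
    allow-service {
        tcp:4353
        udp:1026
    }
    vlan ha
}
"""

# Assumption: iControl REST is served over HTTPS (tcp:443) and "default" includes it.
EXPOSING = {"all", "default", "tcp:443"}

def exposed_self_ips(config):
    """Return [(name, address, matched_services)] for self IPs whose port
    lockdown admits HTTPS, i.e. the control plane is reachable on that VLAN."""
    findings = []
    # Each stanza ends at a closing brace in column 0; nested braces are indented.
    for m in re.finditer(r"^net self (\S+) \{\n(.*?)^\}", config, re.M | re.S):
        name, body = m.group(1), m.group(2)
        addr = re.search(r"^\s*address (\S+)", body, re.M)
        svc = re.search(r"allow-service (?:\{(.*?)\}|(\S+))", body, re.S)
        # A missing allow-service line is treated as "none" (nothing allowed).
        services = set((svc.group(1) or svc.group(2)).split()) if svc else set()
        hits = sorted(services & EXPOSING)
        if hits:
            findings.append((name, addr.group(1) if addr else None, hits))
    return findings

if __name__ == "__main__":
    for name, addr, hits in exposed_self_ips(SAMPLE):
        print(f"{name} ({addr}): HTTPS reachable via allow-service {hits}")
```

The management port itself is not covered by this check; its isolation has to be verified at the network layer.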