F5 announced patches for BIG-IP to fix a high priority authentication bypass vulnerability in APM AD auth.
An APM access policy configured with AD authentication and SSO (single sign-on) agent could be vulnerable to attacks where a spoofed credential can result in local administrator access.
System administrators are urged to update BIG-IP as soon as possible.
BIG-IP APM AD authentication vulnerability CVE-2021-23008
BIG-IP update and upgrade guide
Frequently asked questions for upgrade and update videos