From the advisory: "this is a control plane issue only.". In other words, it is an attack against the management interface. The important reminder for all of us (even those who are not F5 customers) is that management interfaces should only be accessible to those who need to manage the device.
Even the login prompt itself ought to whitelisted from source-IP addresses where your admins may likely be (office subnet, VPN addreses, etc.). The goal being to prevent an actor from staging an authentication bypass attack against a particularly powerful interface.