Cisco Data Center Network Manager flaw allows unauthorized access to sensitive information
A vulnerability in Cisco’s Data Center Network Manager could allow a remote attacker to gain access to sensitive information.
The vulnerability was rated “High” and if exploited would allow an unauthenticated, remote attacker to conduct directory traversal attacks and gain access to sensitive files on the targeted system, according to an Aug. 28 security advisory.
The bug is the result of improper validation of user request within the management interface which could be exploited by an attacker sending “malicious requests containing directory traversal character sequences within the management interface,” the advisory said. The attacker could also create arbitrary files on the targeted systems.
Cisco Data Center Network Manager (DCNM) software releases prior to 11.0(1) are affected by the exploit and there are currently no workarounds to address the vulnerability. Those who are affected are encouraged to update their systems as soon as possible.
Source | scmagazine