Cisco released a high severity security update to fix a directory path traversal vulnerability (CVE-2018-0464) in its Data Center Network Manager (DCNM) product.Â
Description of the issue as published in the Cisco advisory:
“The vulnerability is due to improper validation of user requests within the management interface. An attacker could exploit this vulnerability by sending malicious requests containing directory traversal character sequences within the management interface. An exploit could allow the attacker to view or create arbitrary files on the targeted system.”
Network administrators are strongly encouraged to update impacted systems as soon as possible.