Cisco announced the release of the patch for a recently-discovered security flaw in the Data Center Network Manager (DCNM) software that is used to manage switches and routers connected through LAN and SAN environments, including the Cisco Nexus switches and MDS enterprise SAN switches.
The vulnerability affects Cisco Data Center Network Manager (DCNM) software releases prior to 11.0. The vulnerability is due to improper validation of user requests within the management interface. An attacker could exploit this vulnerability by sending malicious requests containing directory traversal character sequences within the management interface. An exploit could allow the attacker to view or create arbitrary files on the targeted system.
The company has released software updates that address this vulnerability. But, there are no workarounds that address this vulnerability.