Cisco Cloud Portal Unauthenticated File Download Vulnerability

A vulnerability in the web interface of Cisco Cloud Portal could allow an unauthenticated, remote attacker to download certain file types from a vulnerable server.

The vulnerability is due to insufficient enforcement of access controls for certain file types. An attacker could exploit this vulnerability by using a browser to download files of the allowed types.

Cisco has confirmed the vulnerability in a security notice; however, software updates are not available.

To exploit this vulnerability, it is likely that an attacker would need access to trusted, internal networks in which the targeted device may reside. This access requirement reduces the likelihood of a successful exploit.