Cisco Ultra Services Framework AutoVNF Symbolic Link Handling Information Disclosure Vulnerability

A vulnerability in the symbolic link (symlink) creation functionality of the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to read sensitive files or execute malicious code on an affected system.

The vulnerability is due to the absence of validation checks for the input that is used to create symbolic links. A successful exploit could allow the attacker to read any sensitive file or execute malicious code on an affected system.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-usf1 [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-usf1”]