Cisco has shipped a critical bulletin to warn about a serious security hole in the Cisco Internet Streamer application, which is part of the Cisco Content Delivery System. Exploit of this vulnerability may allow a remote, unauthenticated attacker to obtain sensitive information, including password files and system logs. The flaw carries a CVSS Base Score of 7.8.8. By exploiting this vulnerability, an attacker may be able to read arbitrary files on the device, outside the web server document directory, by using a specially crafted URL.
Source: https://threatpost.com/cisco-plugs-code-execution-hole-cds-internet-streamer-072210/74244/