A day after a critical flaw in Cisco Security Manager was published, Cisco has hurried out a patch. The flaw (CVE-2020-27130) has a CVSS score of 9.1 out of 10, making it critical. The vulnerability stems from improper validation of directory traversal character sequences within requests to an affected device. A path-traversal attack aims to access files and directories that are stored outside the web root folder. If an attacker manipulates variables that reference files with dot-dot-slash (../) sequences, it is possible to access arbitrary files.
Source: https://threatpost.com/critical-cisco-flaw-sensitive-data/161305/
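
The validation whose absence the paragraph describes, shown beside the unvalidated join, as an added Python example; it is not from the article or from Cisco's code. The function names, directory layout and request strings are constructed for illustration, and POSIX paths are assumed.

```python
import os
import tempfile
from urllib.parse import unquote


def naive_resolve(web_root, requested):
    # Unvalidated pattern: the request value is joined as-is, so "../"
    # climbs out of web_root and an absolute path replaces it entirely.
    return os.path.normpath(os.path.join(web_root, requested))


def safe_resolve(web_root, requested):
    """Return the canonical path if it stays inside web_root, else None."""
    root = os.path.realpath(web_root)
    # Decode once, as the web layer would, so "%2e%2e%2f" is seen as "../".
    decoded = unquote(requested)
    if "\x00" in decoded:
        return None
    # Treat the value as relative to the root: normalise backslashes and
    # drop leading separators so os.path.join() cannot discard the root.
    relative = decoded.replace("\\", "/").lstrip("/")
    # realpath() collapses ".." and resolves symlinks before the check.
    candidate = os.path.realpath(os.path.join(root, relative))
    # Compare whole path components; a bare startswith(root) would accept
    # a sibling directory such as "<root>-backup".
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


def demo():
    # Constructed layout: <tmp>/www is the web root, <tmp>/www-backup is not.
    base = tempfile.mkdtemp()
    web_root = os.path.join(base, "www")
    os.makedirs(os.path.join(web_root, "img"))
    os.makedirs(os.path.join(base, "www-backup"))
    requests = [
        "img/logo.png",
        "img/../index.html",
        "../secret.txt",
        "%2e%2e%2fsecret.txt",
        "img/../../www-backup/db.sql",
    ]
    return {r: safe_resolve(web_root, r) is not None for r in requests}


if __name__ == "__main__":
    for request, allowed in demo().items():
        print(f"{request!r:35} {'served' if allowed else 'rejected'}")
```
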