Symantec released an update to its Management Console product to patch a vulnerability that can leave users susceptible to a directory traversal exploit.
The exploit can be leveraged when there is insufficient security validation or sanitization of user-supplied input file names, such that characters representing "traverse to parent directory" are passed through to the file APIs, according to a Nov. 20 security update.
The goal of the attack would be to use an affected application to gain unauthorized access to the file system. The flaw affects Management Console products prior to ITMS 8.1 RU4, and affected users are urged to update to the latest version as soon as possible.
Patches are available to customers through normal support channels, and researchers are unaware of any exploits in the wild. To reduce the risk of the vulnerability being exploited, researchers recommend that users restrict access to administrative or management systems to authorized privileged users and restrict remote access to trusted/authorized systems only.
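The validation failure the update describes, shown as an added Python example beside a hardened form; this is not Symantec's code, and the function names, the `reports` directory and the sample file names are constructed for illustration.

```python
import os
import tempfile

def naive_path(base_dir, user_name):
    # Flawed pattern (hypothetical): the user-supplied name is joined as-is,
    # so parent-directory sequences or an absolute path reach the file API.
    return os.path.normpath(os.path.join(base_dir, user_name))

def safe_path(base_dir, user_name):
    """Return the canonical path of user_name inside base_dir, or raise ValueError."""
    if "\x00" in user_name:
        raise ValueError("NUL byte in file name")
    # Treat backslashes as separators so "..\\" is handled like "../".
    candidate = user_name.replace("\\", "/")
    base = os.path.realpath(base_dir)
    # realpath collapses ".." and resolves symlinks before the containment check.
    target = os.path.realpath(os.path.join(base, candidate))
    if os.path.commonpath([base, target]) != base:
        raise ValueError("path escapes base directory: %r" % user_name)
    return target

# Constructed sample inputs: two legitimate names, four that must be refused.
SAMPLES = ["summary.txt", "2023/q1.txt", "../secret.cfg",
           "a/../../secret.cfg", "..\\secret.cfg", "/etc/hostname"]

def check_samples():
    """Return (name, naive_escapes_base, safe_allows) for each sample name."""
    results = []
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "reports")
        os.mkdir(base)
        real_base = os.path.realpath(base)
        for name in SAMPLES:
            naive = os.path.realpath(naive_path(base, name))
            escapes = os.path.commonpath([real_base, naive]) != real_base
            try:
                safe_path(base, name)
                allowed = True
            except ValueError:
                allowed = False
            results.append((name, escapes, allowed))
    return results

if __name__ == "__main__":
    for name, escapes, allowed in check_samples():
        print(f"{name!r:24} naive escapes base: {escapes!s:5} safe allows: {allowed}")
```

The containment check runs on the canonical path, after `..` and symlinks are resolved, rather than on the raw string, which is why nested forms such as `a/../../secret.cfg` are also refused.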