[原文]The FTP server on Cisco Content Service 11000 series switches (CSS) before WebNS 4.01B23s and WebNS 4.10B13s allows an attacker who is an FTP user to read and write arbitrary files via GET or PUT commands.
WebNS contains a flaw that may lead to an unauthorized information disclosure. The issue is caused because normal FTP users are able to access all files via GET and PUT commands, which will disclose arbitrary file information resulting in a loss of confidentiality.
Upgrade to versions 4.01B23s, 4.10B13s or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.