NETSCOUT Systems nGeniusONE version 6.3.0 build 1196 allows Arbitrary File Read operations via the FDSQueryService endpoint. The attacker needs to send a specially crafted request with a parameter with the file name to read. The Attack Complexity is low, and the privileges required are low. User Interaction is required, and Scope is unchanged
Customers should request a patch 6.3.0 P6 B1413 to eliminate this vulnerability. This is available on the My NETSCOUT
page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note that all future versions include this fix.