Cisco SD-WAN vManage Software could allow a remote authenticated malicious user to traverse directories on the system, caused by improper validation of HTTP requests. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to read arbitrary files on the system.