Cisco has announced that a directory traversal flaw has been discovered in its CiscoWorks product line.  According to the announcement:

Products that have TFTP services enabled and that run CiscoWorks
Common Services versions 3.0.x, 3.1.x, and 3.2.x are vulnerable.
Only CiscoWorks Common Services systems running on Microsoft Windows
operating systems are affected.

A successful exploitation of this vulnerability may allow an attacker
unauthorized access to view or modify application and host operating
system files. Modification of some system files could result in a denial
of service condition.

More information and a complete list of vulnerable products is available from:

• http://www.cisco.com/warp/public/707/cisco-sa-20090520-cw.shtml
• http://www.us-cert.gov/current/index.html#cisco_releases_security_advisory_for10