CloudView NMS before 2.10a allows remote attackers to obtain sensitive information via a direct request for admin/auto.def.