Psst.. You may want to patch this under-attack data-leaking Cisco bug – and these Ripple20 hijack flaws


In Brief Cisco this week emitted fixes for potentially serious vulnerabilities, one of which is already being exploited in the wild.

The under-attack bug is CVE-2020-3452, a path-traversal flaw in Switchzilla’s Adaptive Security Appliance and Firepower Threat Defense software that can be used to “read sensitive files on a targeted system.” While there was no publicly available exploit code for the high-severity bug when first publicized, a day after issuing its advisory, Cisco said the flaw was being targeted in the wild.

Read more…