Psst.. You may want to patch this under-attack data-leaking Cisco bug – and these Ripple20 hijack flaws

Psst.. You may want to patch this under-attack data-leaking Cisco bug – and these Ripple20 hijack flaws

In Brief Cisco this week emitted fixes for potentially serious vulnerabilities, one of which is already being exploited in the wild.


The under-attack bug is CVE-2020-3452, a path-traversal flaw in Switchzilla's Adaptive Security Appliance and Firepower Threat Defense software that can be used to "read sensitive files on a targeted system." While there was no publicly available exploit code for the high-severity bug when first publicized, a day after issuing its advisory, Cisco said the flaw was being targeted in the wild.


The second patch is for CVE-2020-11896, CVE-2020-11897, and CVE-2020-11898. The trio are collectively known as Ripple20
Support the originator by clicking the read the rest link below.