Cisco fixed a high severity and actively exploited read-only path traversal vulnerability affecting two of its firewall products. The vulnerability tracked as CVE-2020-3452 may allow unauthenticated attackers to read sensitive files on unpatched systems. The impacted products are Cisco Adaptive Security Appliance (ASA) Software and the Cisco Firepower Threat Defense (FTD) Software. Only about 10% of all Cisco ASA/FTD devices it found were rebooted since the release of a patch delivered for a security flaw in 2016.
Source: https://www.bleepingcomputer.com/news/security/cisco-patches-asa-ftd-firewall-flaw-actively-exploited-by-hackers/