A high-severity vulnerability in Cisco’s network security software could lay bare sensitive data to remote attackers. The flaw exists in the web services interface of Cisco s Firepower Threat Defense (FTD) software and its Adaptive Security Appliance (ASA) software. The vulnerability (CVE-2020-3452) ranks 7.5 out of 10 on the CVSS scale. It’s due to a lack of proper input validation of URLs in HTTP requests processed by affected devices.
Source: https://threatpost.com/network-security-cisco-flaw-leaks-sensitive-data/157691/