The Treck TCP/IP stack prior to 6.0.1.66 improperly handles an IPv4/ICMPv4 Length Parameter Inconsistency, which might allow remote malicious users to trigger an information leak.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
treck tcp\\/ip |
Plus: US govt sounds the alarm on industrial equipment attacks
In Brief Cisco this week emitted fixes for potentially serious vulnerabilities, one of which is already being exploited in the wild. The under-attack bug is CVE-2020-3452, a path-traversal flaw in Switchzilla's Adaptive Security Appliance and Firepower Threat Defense software that can be used to "read sensitive files on a targeted system." While there was no publicly available exploit code for the high-severity bug when first publicized, a day after issuing its advisory, Cisco said the flaw was ...