435/67 Friday, December 6, 2024
Cisco has issued a warning to customers regarding a decade-old vulnerability in its Cisco Adaptive Security Appliance (ASA) software, identified as CVE-2014-2120. This vulnerability is currently being widely exploited. It exists in the WebVPN login page of ASA software, allowing unauthenticated attackers to execute Cross-Site Scripting (XSS) attacks on WebVPN users of Cisco ASA devices. The issue stems from insufficient input validation, enabling attackers to exploit the flaw by tricking users into accessing malicious links.
In November 2024, Cisco’s Product Security Incident Response Team (PSIRT) observed renewed attempts to exploit this vulnerability in Cisco systems. Customers are urged to promptly update their software to a patched version to mitigate the risk of attacks. Additionally, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog.
Cisco strongly advises customers to review its updated security advisories and implement the recommended fixes immediately to prevent exploitation. The vulnerability continues to be actively leveraged by hackers today.
Source: https://securityaffairs.com/171631/hacking/cisco-asa-flaw-cve-2014-2120-exploited-in-the-wild.html