FlagThis

Cisco has confirmed the active exploitation of a decade-old vulnerability, CVE-2014-2120, affecting the WebVPN login page of its Adaptive Security Appliance (ASA) software. This cross-site scripting (XSS) vulnerability, originally disclosed in 2014, allows unauthenticated, remote attackers to launch XSS attacks against WebVPN users by enticing them to click a malicious link. The vulnerability stems from insufficient input validation, enabling attackers to inject malicious scripts into the victim's browser. Cisco's Product Security Incident Response Team (PSIRT) became aware of renewed exploitation attempts in November 2024, prompting an updated advisory urging customers to upgrade to a fixed software release immediately.

While Cisco strongly recommends upgrading to patched software versions, it's important to note that free updates will not be provided for vulnerabilities disclosed through Security Notices. Customers are advised to contact their usual support channels to obtain the necessary upgrades. The Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2014-2120 to its Known Exploited Vulnerabilities (KEV) catalog in November 2024, further highlighting the critical need for swift remediation. Organizations utilizing third-party support should consult their service providers to ensure compatibility with any applied fixes.

ImgSrc: socradar.io

References:

• Vulnerability Archives ? Cybersecurity News - Cisco Systems has issued an updated security advisory regarding CVE-2014-2120, a vulnerability affecting the WebVPN login page of Cisco Adaptive Security Appliance (ASA) Software. - 1d
• The Hacker News - Cisco updated an advisory to warn customers of active exploitation of a decade-old security flaw impacting its Adaptive Security Appliance (ASA). - 1d
• Malware Analysis, News and Indicators - Latest topics - Cisco warns of continued exploitation of 10-year-old ASA bug, flaw in WebVPN login page exploited in the wild. - 1d
• Security Archives - Security Affairs - The ASA flaw CVE-2014-2120 is being actively exploited in the wild - 1d
• SCM feed for Security Strategy, Plan, Budget - Cisco warns of continued exploitation of 10-year-old ASA bug - 1d
• Security Risk Advisors - Cisco ASA WebVPN Login Page Vulnerable to Cross-Site Scripting Attack - 1d
• sec.cloudapps.cisco.com - Cisco's security advisory details the vulnerability, its potential impact, and recommendations for mitigation. - 1d
• SOCRadar? Cyber Intelligence Inc. - SOCRadar analysis of the Androxgh0st botnet and its use of the CVE-2014-2120 vulnerability. - 8h
• Malware Analysis, News and Indicators - Latest topics - Malware news article discussing the Androxgh0st botnet's utilization of the old Cisco ASA vulnerability. - 8h

Classification:

• HashTags: Cisco XSS WebVPN
• Company: Cisco
• Target: Cisco ASA WebVPN users
• Product: ASA Software
• Feature: WebVPN login page
• Type: Vulnerability
• Severity: Medium