A decade-old vulnerability in Cisco's Adaptive Security Appliance (ASA) software, CVE-2014-2120, is being actively exploited, prompting a renewed warning from Cisco. Initially rated medium severity with a CVSS score of 4.3, the vulnerability allows cross-site scripting (XSS) attacks: an attacker tricks a user into opening a malicious link, which injects scripts that can be used to gain unauthorized access. The Androxgh0st botnet is leveraging this flaw, alongside others, for broader malicious campaigns, including malware distribution. Cisco's Product Security Incident Response Team (PSIRT) observed active attacks as early as November 2024, leading to an updated advisory urging users to upgrade to patched versions.
The vulnerability stems from insufficient input validation in the ASA's WebVPN login page. While exploitation originally required user interaction, recent reports indicate a shift towards more sophisticated attack methods employed by the Androxgh0st botnet. Cisco emphasizes the importance of updating vulnerable ASA versions despite the vulnerability's age and relatively low initial severity rating. This incident highlights the ongoing threat posed by older, unpatched systems and the need for comprehensive security practices to mitigate risks from evolving cyber threats.