FlagThis

Cisco has confirmed active exploitation of a decade-old cross-site scripting (XSS) vulnerability (CVE-2014-2120) in its Adaptive Security Appliance (ASA) software’s WebVPN login page. Unauthenticated, remote attackers can conduct XSS attacks against WebVPN users. Cisco strongly recommends upgrading to a fixed software release to remediate this vulnerability. This vulnerability was originally disclosed in 2014 and has recently been actively exploited.