Cisco Alerts Users About Active Exploitation of Old ASA WebVPN Security Flaw

December 3, 2024

On Monday, Cisco issued an update to an advisory, warning its customers about the ongoing exploitation of a security vulnerability that has been present in its Adaptive Security Appliance (ASA) for a decade. This vulnerability, designated as CVE-2014-2120, involves a lack of adequate input validation in the WebVPN login page of ASA. This could potentially allow an unauthenticated remote attacker to execute a cross-site scripting (XSS) attack against a user of the appliance.

'An attacker could exploit this vulnerability by convincing a user to access a malicious link,' Cisco stated in an alert that was originally released in March 2014. As of December 2, 2024, the networking equipment giant has updated its bulletin to indicate it has observed 'additional attempted exploitation' of this vulnerability in the wild.

This update comes in the wake of revelations by cybersecurity firm CloudSEK that the threat actors behind AndroxGh0st are exploiting a long list of security vulnerabilities in various internet-facing applications, including CVE-2014-2120, to spread their malware. Their activity has also been observed to leverage the Mozi botnet, which allows the botnet to increase in size and scope.

In response to these developments, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added this flaw to its Known Exploited Vulnerabilities (KEV) catalog last month. The agency required Federal Civilian Executive Branch (FCEB) agencies to fix it by December 3, 2024.

Cisco ASA users are strongly advised to keep their installations updated to ensure maximum protection and to defend against potential cyber threats.
