10-Year-Old Cisco Security Flaw Under Active Attack: WebVPN Users at Risk

10-Year-Old Cisco Security Flaw Under Active Attack: WebVPN Users at Risk

Enhanced and Simplified Version:

Cisco has issued an urgent update regarding active exploitation of a 2014 vulnerability (CVE-2014-2120) in their Adaptive Security Appliance (ASA). The security flaw, with a CVSS score of 4.3, allows unauthorized remote attackers to perform cross-site scripting (XSS) attacks through ASA’s WebVPN login page.

The vulnerability, exploitable when users click malicious links, has seen increased exploitation attempts as of December 2024. This surge in activity is linked to the AndroxGh0st threat actors, who are utilizing multiple vulnerabilities, including CVE-2014-2120, to spread malware. The attack campaign notably incorporates the Mozi botnet to expand its reach.

In response, CISA has added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, mandating Federal Civilian Executive Branch agencies to patch their systems by December 3, 2024. Cisco ASA users are strongly advised to update their systems immediately to prevent potential attacks.

Share This Article