Cisco Confirms Active Exploitation of Decade-Old WebVPN Vulnerability in ASA Software
Cisco Systems has issued an updated security advisory regarding CVE-2014-2120, a vulnerability affecting the WebVPN login page of Cisco Adaptive Security Appliance (ASA) Software. Originally disclosed in 2014, this vulnerability enables unauthenticated, remote attackers to execute cross-site scripting (XSS) attacks against WebVPN users. Cisco’s updated advisory confirms active exploitation of this vulnerability, underscoring the need for immediate mitigation measures.
CVE-2014-2120 is a cross-site scripting (XSS) vulnerability in the WebVPN login page of Cisco Adaptive Security Appliance (ASA) Software. According to Cisco’s updated advisory, the vulnerability arises from “insufficient input validation of a parameter,” enabling attackers to craft malicious links that, when accessed by a victim, execute arbitrary script in the victim’s browser.
The advisory emphasizes that exploitation could allow an unauthenticated, remote attacker to target WebVPN users on affected Cisco ASA devices.
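To illustrate the defect class the advisory describes (a login page that reflects a request parameter without adequate validation or output encoding) and the corresponding fix, here is an added example. It is not Cisco’s code: the page path, template and the `group` parameter name are constructed assumptions, since the advisory does not name the affected parameter.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Constructed stand-in for a WebVPN-style login page that echoes a query
# parameter back into the HTML. Path and parameter name are hypothetical.
TEMPLATE = '<form action="/webvpn/login"><p>Group: {group}</p></form>'

# Conservative allowlist for a group-style value: letters, digits, '_' and '-'.
GROUP_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")


def _group_param(url: str) -> str:
    """Extract the (percent-decoded) 'group' query parameter, or '' if absent."""
    return parse_qs(urlsplit(url).query).get("group", [""])[0]


def render_vulnerable(url: str) -> str:
    """Reflects the parameter verbatim: the 'insufficient input validation'
    pattern. Any markup in the crafted link lands unchanged in the page."""
    return TEMPLATE.format(group=_group_param(url))


def render_hardened(url: str) -> str:
    """Validate against an allowlist first, then HTML-encode on output.
    Either control alone blocks the reflected payload; together they are
    defence in depth."""
    group = _group_param(url)
    if not GROUP_RE.fullmatch(group):
        group = ""  # reject anything outside the allowlist instead of echoing it
    return TEMPLATE.format(group=html.escape(group, quote=True))


def reflects_markup(page: str) -> bool:
    """Defender-side check on a rendered response: is an unencoded
    <script tag present? Useful as a regression test for the fix."""
    return "<script" in page.lower()
```

A crafted link carrying `?group=%3Cscript%3E` is reflected as live markup by `render_vulnerable` and neutralised by `render_hardened`, which is the behaviour a regression test for this bug class should pin down.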
Cisco PSIRT was alerted to this renewed exploitation activity in November 2024. In response, the company strongly advises customers to upgrade to a fixed software release to remediate the vulnerability. However, Cisco has stated that free software updates will not be provided for vulnerabilities disclosed via Security Notices. Customers are directed to engage their usual support channels to obtain necessary software upgrades.
The Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2014-2120 to its Known Exploited Vulnerabilities (KEV) Catalog on November 12, 2024, further reinforcing the urgency for organizations to address this vulnerability.
Organizations relying on third-party support for Cisco products are urged to consult their service providers to ensure that any applied fixes are suitable for their specific network configurations.