# Cisco Warns of Exploitation of Decade-Old ASA WebVPN Vulnerability

__Dec 03, 2024__Ravie LakshmananVulnerability / Network Security

[](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjd4NqjzePuCXa-QmDbyGkW4PyFXFEO-6JnB_ZV1trYN5AX7hiGm2gw4ONBhxUKjS23nKN3-Mb6l0Lvx_hCEaQs28C-4eleKo2uW2JsrI25eoWBhFmbxdQXvaJ6EEFNmcWCJTtu6YFHkGFxSivfKX6vDIFQ0KhdAeVeRU5ImxlYLMAUeSXFO6DrH5Jv2PLd/s728-rw-e365/cisco.png)

Cisco on Monday updated an advisory to warn customers of active exploitation of a decade-old security flaw impacting its Adaptive Security Appliance (ASA).

The vulnerability, tracked as **CVE-2014-2120** (CVSS score: 4.3), concerns a case of insufficient input validation in ASA's WebVPN login page that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a targeted user of the appliance.

"An attacker could exploit this vulnerability by convincing a user to access a malicious link," Cisco [noted](https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CVE-2014-2120) in an alert released in March 2014.

As of December 2, 2024, the networking equipment major has revised its bulletin to note that it has become aware of "additional attempted exploitation" of the vulnerability in the wild.

[](https://thehackernews.uk/gartner-endpoint-protection-d-v1)

The development comes shortly after cybersecurity firm CloudSEK [revealed](https://thehackernews.com/2024/11/androxgh0st-malware-integrates-mozi.html) that the threat actors behind AndroxGh0st are leveraging an extensive list of security vulnerabilities in various internet-facing applications, including CVE-2014-2120, to propagate the malware.

The malicious activity is also notable for the integration of the Mozi botnet, which allows AndroxGh0st to further expand in size and scope.

As a result, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) [added](https://www.cisa.gov/news-events/alerts/2024/11/12/cisa-adds-five-known-exploited-vulnerabilities-catalog) the flaw to its Known Exploited Vulnerabilities ([KEV](https://www.cisa.gov/known-exploited-vulnerabilities-catalog)) catalog last month, requiring Federal Civilian Executive Branch (FCEB) agencies to remediate it by December 3, 2024.

Users of Cisco ASA are highly recommended to keep their installations up-to-date for optimal protection and to safeguard against potential cyber threats.

  

Found this article interesting? Follow us on [Twitter __](https://twitter.com/thehackersnews) and [LinkedIn](https://www.linkedin.com/company/thehackernews/) to read more exclusive content we post.

SHARE [__](https://thehackernews.com/#link_share) [__](https://thehackernews.com/#link_share) [__](https://thehackernews.com/#link_share) __

[__Tweet](https://thehackernews.com/#link_share)

[__Share](https://thehackernews.com/#link_share)

[__Share](https://thehackernews.com/#link_share)

__Share

__ [__Share on Facebook](https://thehackernews.com/#link_share) [__Share on Twitter](https://thehackernews.com/#link_share) [__Share on Linkedin](https://thehackernews.com/#link_share) [__Share on Reddit](https://thehackernews.com/#link_share) [__Share on Hacker News](https://thehackernews.com/#link_share) [__Share on Email](https://thehackernews.com/#link_share) [__Share on WhatsApp](https://thehackernews.com/#link_share) [Share on Facebook Messenger](https://thehackernews.com/#link_share) [__Share on Telegram](https://thehackernews.com/#link_share)

SHARE __

[botnet](https://thehackernews.com/search/label/botnet)[CISA](https://thehackernews.com/search/label/CISA)[cisco](https://thehackernews.com/search/label/cisco)[cybersecurity](https://thehackernews.com/search/label/cybersecurity)[Malware](https://thehackernews.com/search/label/Malware)[Networking](https://thehackernews.com/search/label/Networking)[Vulnerability](https://thehackernews.com/search/label/Vulnerability)[web security](https://thehackernews.com/search/label/web%20security)
