Cisco has confirmed that a decade-old cross-site scripting (XSS) vulnerability in its Adaptive Security Appliance (ASA) software is actively being exploited in the wild. Review this Cybersecurity Threat Advisory to learn how to mitigate your risk.
What is the threat?
The vulnerability, identified as CVE-2014-2120 with a CVSS score of 4.3, stems from insufficient input validation on the WebVPN login page of ASA. This flaw could enable an unauthenticated remote attacker to perform an XSS attack on a targeted user of the appliance. The attacker can exploit this flaw by persuading a targeted user to access a malicious link.
Why is this noteworthy?
The renewed exploitation of CVE-2014-2120 reflects a broader trend identified by security researchers. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added this vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, highlighting its active use in attack campaigns. It has been linked to the operators of the ‘AndroxGh0st’ malware and Mozi botnet, who have incorporated this decade-old flaw into their resource as part of a strategic effort to expand their attack surface.
This incident underscores the critical importance of maintaining vigilance against both newly discovered threats and the resurgence of older vulnerabilities in essential network infrastructure components.
What is the exposure or risk?
CVE-2014-2120 poses a significantly higher risk due to its active exploitation, particularly for organizations running affected versions of Cisco ASA software:
- Advisory ID: cisco-sa-CVE-2014-2120
- First Published: 2014 March 18, 16 GMT
- Last Updated: 2024 December 2, 20:05 GMT
- Versions 1.1: Final
- Workarounds: No Workarounds available
- CISCO Bug IDs: CSCun 19025
What are the recommendations?
Barracuda recommends the following actions to protect your environment against this vulnerability:
- Apply the necessary updates to protect against this actively exploited vulnerability.
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
References
For more in-depth information about the recommendations, please visit the following links:
- https://thehackernews.com/2024/12/cisco-warns-of-exploitation-of-decade.html
- https://cybersecuritynews.com/exploitation-of-cisco-xss-vpn-vulnerability/
If you have any questions about this Cybersecurity Threat Advisory, please contact Barracuda XDR’s Security Operations Center.
