Cisco has issued a new advisory concerning the active exploitation of a ten-year-old security flaw in its Adaptive Security Appliance (ASA) software. The vulnerability, identified as CVE-2014-2120, poses a potential risk for cross-site scripting (XSS) attacks through ASA's WebVPN.
Vulnerability Overview
CVE-2014-2120, with a CVSS score of 4.3, stems from insufficient input validation on ASA's WebVPN login page. An unauthenticated remote attacker can use the flaw to conduct XSS attacks against targeted users by enticing them to click on a malicious link.
Threat Actor Activity
As of December 2, 2024, Cisco has updated its advisory to include information about additional attempts to exploit this vulnerability in the wild. The security firm CloudSEK reported that the group behind the AndroxGh0st malware is actively leveraging CVE-2014-2120 and other vulnerabilities in internet-facing applications to advance its malware campaigns.
Integration with Other Threats
The malicious activity also makes use of the Mozi botnet, which is expanding its reach and effectiveness by incorporating this vulnerability.
Implications
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recognized the severity of this threat by adding CVE-2014-2120 to its Known Exploited Vulnerabilities catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to complete remediation by December 3, 2024. This highlights the importance of addressing legacy vulnerabilities to prevent exploitation by increasingly sophisticated threat actors.
Cisco ASA users are urged to ensure their systems are updated to mitigate potential threats associated with this enduring vulnerability. Regular updates and vigilant monitoring of security advisories remain critical components of an effective cybersecurity posture.