A vulnerability identified a decade ago in Cisco’s Adaptive Security Appliance (ASA) software is making headlines again as active exploitation has been confirmed in the present day. This is the CVE-2014-2120 flaw, which is related to cross-site scripting (XSS) attacks on the WebVPN login page. This resurgence highlights the persistent threat of unpatched legacy vulnerabilities and their impact on critical infrastructure.
A Problem Persisting Since 2014
The CVE-2014-2120 vulnerability was originally disclosed in March 2014. The flaw resides in insufficient input validation on the WebVPN login page, allowing an unauthenticated remote attacker to induce a user to access a malicious link. This could lead to the execution of scripts or HTML code in the context of the affected interface, potentially compromising system security and user data.
In November 2024, Cisco’s Product Security Incident Response Team (PSIRT) detected new attempts to exploit this vulnerability. As a result, the company updated its security advisory and urged users to take immediate steps to mitigate the risk.
Heightened Risk and Active Exploitation
The resurgence of this vulnerability is not an isolated case. According to the Cybersecurity and Infrastructure Security Agency (CISA) of the United States, CVE-2014-2120 has recently been included in its Known Exploited Vulnerabilities (KEV) Catalog. This reflects its use in cyberattack campaigns, particularly by malicious groups such as the operators of the “AndroxGh0st” malware, who have added this vulnerability to their arsenal to enhance their attack capabilities.
Experts warn that the state of active exploitation significantly elevates the risk for organizations still running vulnerable versions of the Cisco ASA software. This event underscores the critical need to keep systems updated and address legacy vulnerabilities that can be rediscovered and reused by malicious actors.
Cisco Recommendations: Mandatory Updates
Cisco has been emphatic in recommending that users update their software to a patched version to address this vulnerability. The company clarified that no viable alternative solutions exist and that the patch is the only effective way to mitigate the issue.
Additionally, Cisco has reminded its customers that patches are available at no extra cost and that users should consult with their support providers to ensure the applied solution is appropriate for their specific environments.
A Global Challenge for Cybersecurity
The continued exploitation of CVE-2014-2120 reflects a broader issue in the cybersecurity landscape: unpatched legacy vulnerabilities continue to pose a significant threat. This incident highlights the importance of constant vigilance and proactive system updates, especially in critical infrastructure relying on solutions like Cisco ASA.
As Cisco noted, this vulnerability serves as a reminder that even low-level flaws can have serious consequences if not addressed. As malicious actors continue to develop new strategies to exploit security gaps, prevention and rapid response are essential to protecting both organizations and their users.
Source: News Security