Cisco has issued an updated advisory alerting customers about the active exploitation of a decade-old security vulnerability in its Adaptive Security Appliance (ASA), specifically CVE-2014-2120. This flaw, initially identified in 2014 with a CVSS score of 4.3, involves insufficient input validation in ASA’s WebVPN login page. As a result, an unauthenticated remote attacker could potentially execute a cross-site scripting (XSS) attack. The exploitation of this vulnerability requires convincing a user to click on a malicious link, further underscoring the need for vigilance among users.
In recent developments, cybersecurity firm CloudSEK reported that threat actors associated with the AndroxGh0st malware have been actively exploiting this vulnerability, among others, to spread their malicious software. This campaign has also incorporated the Mozi botnet, which enhances the malware’s proliferation capabilities significantly. In light of these activities, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. Federal Civilian Executive Branch (FCEB) agencies are now mandated to address this security flaw by December 3, 2024, emphasizing the urgency of this matter.
Cisco strongly advises users of its ASA software to ensure their installations are up-to-date to mitigate potential cyber threats. The ongoing exploitation of this decade-old flaw serves as a stark reminder of the persistent risks posed by longstanding vulnerabilities and the critical importance of applying security patches promptly. As cybersecurity threats continue to evolve, organizations must remain proactive in safeguarding their network infrastructures by diligently addressing and updating known vulnerabilities.