Security
Headlines
HeadlinesLatestCVEs

Headline

Cisco Urges Immediate Patch for Decade-Old WebVPN Vulnerability

The vulnerability was first identified in 2014.

HackRead
#xss#vulnerability#web#google#cisco#intel#botnet#auth#ssl

****SUMMARY:****

  • Critical Patch Alert: Cisco ASA users must urgently address a 10-year-old WebVPN vulnerability (CVE-2014-2120) that attackers are now actively exploiting.

  • XSS Risk Identified: The flaw allows unauthenticated attackers to perform cross-site scripting (XSS) attacks via malicious links, potentially compromising sensitive data and injecting malware.

  • Active Exploitation: Recent reports highlight that malware like AndroxGh0st is leveraging CVE-2014-2120, prompting Cisco to update its advisory in November 2024.

  • Government Action Required: CISA added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalogue, mandating federal agencies to patch it by December 3, 2024.

  • No Workaround Available: Upgrading the Cisco ASA software to a patched version is the only solution—reach out to Cisco support or service providers to secure your network.

If you are using a Cisco Adaptive Security Appliance (ASA) for your network security, it is time to patch a critical vulnerability that’s been around, surprisingly, for ten years.

Cisco recently updated an advisory about a security flaw in the WebVPN login page of their ASA software, which can allow an unauthenticated, remote attacker to execute a cross-site scripting (XSS) attack on anyone using WebVPN on the Cisco ASA.

This vulnerability, tracked as CVE-2014-2120, is a medium-severity vulnerability caused due to insufficient input validation of a parameter, which could be exploited by convincing a user to access a malicious link. Clicking this link can force them into giving away sensitive information, hijacking browsing sessions, or even injecting malware.

The vulnerability itself isn’t new – Cisco originally issued a warning back in March 2014. However, the company’s recent update highlights a concerning development: attackers are actively trying to exploit this decade-old bug.

In November 2024, the Cisco Product Security Incident Response Team (PSIRT) identified this emerging pattern of new exploitation attempts. This coincides with a report from security firm CloudSEK, which revealed that malware called AndroxGh0st is using CVE-2014-2120 (among others) to spread.

It is worth noting that CISA added CVE-2014-2120 to its KEV (Known Exploited Vulnerabilities) catalogue on November 12, requiring government agencies to address it by December 3, 2024.

The re-exploitation of this flaw shows the need for timely software updates and security patches. Unfortunately, there’s no quick fix or workaround for this vulnerability. Your only protection is to upgrade your Cisco ASA software to a version that includes a patch. Don’t wait – contact your Cisco support channel and get the update process rolling. Upgrading is crucial to ensure your network remains secure.

Customers with Cisco products that are provided or maintained through agreements with third-party support organizations like Cisco Partner/resellers/service providers should consult their service providers to identify the best workaround or fix for their networks before deployment.

Jason Soroko, Senior Fellow at Sectigo, a Scottsdale, Arizona-based provider of comprehensive certificate lifecycle management (CLM) weighed in on the situation stating, These attacks highlight how technical debt and low cybersecurity maturity can compound risk. Many organizations struggle with basic cybersecurity capabilities, leaving them vulnerable to both historical and emerging threats.

If adversaries can exploit older flaws, they will. Addressing the risks associated with legacy systems is imperative, however, it demands investments that many organizations lack the resources to make, Jason explained.

  1. Decade Old Software Bug Sets 3000 US Prisoners Free
  2. Goldoon Botnet Exploits 9-Year-Old Flaw on D-Link Devices
  3. 7-Year-Old Pre-Installed Google Pixel App Flaw Risks Millions
  4. Intel Broker Cisco Breach: Selling Stolen Data from Major Firms
  5. **Cisco Web UI Flaw Exploited Massly, Impacting Over 40K Devices
    **

Related news

Decade-Old Cisco Vulnerability Under Active Exploit

Cisco encourages users to update to an unaffected version of its Adaptive Security Appliance (ASA) software since there are no workarounds for the 2014 vulnerability.

AndroxGh0st Malware Integrates Mozi Botnet to Target IoT and Cloud Services

The threat actors behind the AndroxGh0st malware are now exploiting a broader set of security flaws impacting various internet-facing applications, while also deploying the Mozi botnet malware. "This botnet utilizes remote code execution and credential-stealing methods to maintain persistent access, leveraging unpatched vulnerabilities to infiltrate critical infrastructures," CloudSEK said in a

HackRead: Latest News

API Security in Open Banking: Balancing Innovation with Risk Management