{"id":6477,"date":"2024-12-03T14:25:34","date_gmt":"2024-12-03T20:25:34","guid":{"rendered":"https:\/\/www.darkreading.com\/vulnerabilities-threats\/decade-old-cisco-vulnerability-exploit"},"modified":"2024-12-03T14:25:34","modified_gmt":"2024-12-03T20:25:34","slug":"decade-old-cisco-vulnerability-under-active-exploit","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/12\/03\/decade-old-cisco-vulnerability-under-active-exploit\/","title":{"rendered":"Decade-Old Cisco Vulnerability Under Active Exploit"},"content":{"rendered":"
<\/a><\/div>\n
<\/div>\n

NEWS BRIEF<\/span><\/span><\/p>\n

Cisco is warning customers of a security vulnerability impacting its <\/span>Adaptive Security Appliance<\/a><\/span> (ASA) that is actively being exploited by threat actors.<\/span><\/p>\n

The bug, tracked as CVE-2014-2120 and a decade old, involves insufficient input validation in ASA’s WebVPN login page, through which an unauthenticated remote attacker could enact a cross-site scripting (XSS) attack.<\/span><\/p>\n

In 2014, Cisco noted that “the vulnerability is due to <\/span>insufficient input validation of a parameter,<\/a><\/span>” adding that an attacker could exploit the vulnerability by convincing the user to click on a malicious link.<\/span><\/p>\n

Cisco<\/a><\/span> now reports it became aware of in-the-wild exploitation attempts in November 2024 and recommends that customers upgrade to a fixed software release to mitigate the vulnerability. There are no workarounds for this flaw.<\/span><\/p>\n

“Exploiting decade-old vulnerabilities like the ASA WebVPN bug underscores a persistent challenge in cybersecurity, that legacy vulnerabilities often remain unaddressed due to the sheer volume of security issues organizations face today,” Meny Har, CEO and co-founder of Opus Security, said in an emailed statement to Dark Reading. “Without effective prioritization frameworks, <\/span>critical vulnerabilities<\/a><\/span> can slip through the cracks.”<\/span><\/p>\n

Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

NEWS BRIEF Cisco is warning customers of a security vulnerability<\/p>\n","protected":false},"author":12,"featured_media":6478,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[809],"class_list":["post-6477","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-dark-reading"],"featured_image_urls":{"full":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/decade-old-cisco-vulnerability-under-active-exploit-scaled.jpg?fit=2560%2C1440&ssl=1",2560,1440,false],"thumbnail":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/decade-old-cisco-vulnerability-under-active-exploit-scaled.jpg?resize=150%2C150&ssl=1",150,150,true],"medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/decade-old-cisco-vulnerability-under-active-exploit-scaled.jpg?fit=300%2C169&ssl=1",300,169,true],"medium_large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/decade-old-cisco-vulnerability-under-active-exploit-scaled.jpg?fit=640%2C360&ssl=1",640,360,true],"large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/decade-old-cisco-vulnerability-under-active-exploit-scaled.jpg?fit=640%2C360&ssl=1",640,360,true],"1536x1536":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/decade-old-cisco-vulnerability-under-active-exploit-scaled.jpg?fit=1536%2C864&ssl=1",1536,864,true],"2048x2048":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/decade-old-cisco-vulnerability-under-active-exploit-scaled.jpg?fit=2048%2C1152&ssl=1",2048,1152,true],"chromenews-featured":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/decade-old-cisco-vulnerability-under-active-exploit-scaled.jpg?fit=1024%2C576&ssl=1",1024,576,true],"chromenews-large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/decade-old-cisco-vulnerability-under-active-exploit-scaled.jpg?resize=825%2C575&ssl=1",825,575,true],"chromenews-medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/decade-old-cisco-vulnerability-under-active-exploit-scaled.jpg?resize=590%2C410&ssl=1",590,410,true]},"author_info":{"display_name":"Dark Reading","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/darkreading\/"},"category_info":"Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","jetpack_featured_media_url":"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/decade-old-cisco-vulnerability-under-active-exploit-scaled.jpg?fit=2560%2C1440&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/6477","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=6477"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/6477\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media\/6478"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=6477"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=6477"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=6477"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}