Introduction
Cisco has issued an urgent security advisory concerning a medium-severity vulnerability in its Adaptive Security Appliance (ASA), identified as CVE-2014-2120 [2] [5] [6] [9]. This vulnerability, which has been actively exploited [2], poses significant risks to organizations using affected versions of Cisco ASA Software. Immediate mitigation measures are necessary to protect against potential attacks.
Description
CVE-2014-2120 [1] [5] [6] [9] is a decade-old cross-site scripting (XSS) vulnerability in the WebVPN feature of Cisco ASA Software, which is used for secure remote access. The flaw lies in the WebVPN login page and stems from insufficient input validation of a parameter. It allows an unauthenticated remote attacker to conduct XSS attacks by convincing a user to access a malicious link, which then executes script in the user's browser. Active exploitation of this vulnerability has been confirmed [7], with new attempts detected by the Cisco Product Security Incident Response Team (PSIRT) in November 2024 [4], underscoring the urgency for immediate mitigation measures [3]. The Cybersecurity and Infrastructure Security Agency (CISA) has also added CVE-2014-2120 to its Known Exploited Vulnerabilities (KEV) Catalog [2] [3] [4] [7] [8], highlighting the critical nature of this issue and its involvement in active attack campaigns.
Although the vulnerability has a CVSS base score of 4.3 [4], the ongoing exploitation significantly heightens the risk for organizations using affected Cisco ASA Software versions [4]. Attackers can hijack user sessions and impersonate users within an organization [9], particularly when the flaw is combined with targeted phishing attacks [9]. Cisco initially released security updates to address this issue on March 18, 2014, and strongly recommends that customers upgrade to a fixed software release to remediate the vulnerability [2] [3] [5]. There are no available workarounds, and free updates are not provided for vulnerabilities disclosed via Security Notices. Organizations relying on third-party support for Cisco products should consult their service providers to ensure that any applied fixes are appropriate for their specific network configurations [3] [7].
The resurgence of exploitation attempts, particularly those linked to the operators of the ‘AndroxGh0st’ malware/botnet, highlights the ongoing threat posed by older, unpatched vulnerabilities in critical network infrastructure components [4]. This situation emphasizes the need for continuous vigilance and prompt action to mitigate risks [4]. The persistence of such legacy vulnerabilities illustrates the challenges in cybersecurity [6], as organizations often struggle to prioritize vulnerabilities amid the overwhelming number of security issues they face [9]. Cisco continues to monitor the situation and advises all customers to review their ASA Software configurations and apply necessary updates to enhance their security posture.
Conclusion
The active exploitation of CVE-2014-2120 underscores the critical need for organizations to address this vulnerability promptly. By upgrading to a fixed software release [2] [3] [4] [5] [6] [7], organizations can mitigate the risks associated with this flaw. The situation highlights the broader challenge of managing legacy vulnerabilities and the importance of maintaining a proactive approach to cybersecurity. Continuous monitoring and timely updates are essential to safeguard network infrastructure against evolving threats.
References
[1] https://www.security.nl/posting/867659/Cisco+meldt+actief+misbruik+van+tien+jaar+oud+lek+in+Cisco+ASA+WebVPN
[2] https://securityaffairs.com/171631/hacking/cisco-asa-flaw-cve-2014-2120-exploited-in-the-wild.html
[3] https://www.hendryadrian.com/update-cisco-confirms-active-exploitation-of-decade-old-webvpn-vulnerability-in-asa-software/
[4] https://cybersecuritynews.com/exploitation-of-cisco-xss-vpn-vulnerability/
[5] https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CVE-2014-2120
[6] https://www.darkreading.com/vulnerabilities-threats/decade-old-cisco-vulnerability-exploit
[7] https://securityonline.info/cisco-confirms-active-exploitation-of-decade-old-webvpn-vulnerability-in-asa-software/
[8] https://www.cyware.com/resources/threat-briefings/daily-threat-briefing/cyware-daily-threat-intelligence-december-03-2024
[9] https://www.scworld.com/news/cisco-warns-of-continued-exploitation-of-10-year-old-asa-bug




