Security News > 2024 > December > Cisco Warns of Exploitation of Decade-Old ASA WebVPN Vulnerability

Cisco Warns of Exploitation of Decade-Old ASA WebVPN Vulnerability
2024-12-03 12:51

Cisco on Monday updated an advisory to warn customers of active exploitation of a decade-old security flaw impacting its Adaptive Security Appliance (ASA). The vulnerability, tracked as CVE-2014-2120 (CVSS score: 4.3), concerns a case of insufficient input validation in ASA's WebVPN login page that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack


News URL

https://thehackernews.com/2024/12/cisco-warns-of-exploitation-of-decade.html

Related news

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2014-03-19 CVE-2014-2120 Cross-site Scripting vulnerability in Cisco Adaptive Security Appliance Software
Cross-site scripting (XSS) vulnerability in the WebVPN login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun19025.
network
low complexity
cisco CWE-79
6.1
6.1

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Cisco 2048 21 1780 1675 288 3764