Cisco has updated its security advisory to alert users about active exploitation of a decade-old vulnerability affecting its Adaptive Security Appliance (ASA).
Key Details About the Vulnerability
The flaw, identified as CVE-2014-2120 with a CVSS score of 4.3, stems from insufficient input validation in ASA's WebVPN login page. This weakness enables an unauthenticated, remote attacker to execute a cross-site scripting (XSS) attack against unsuspecting users.
According to Cisco's original alert, issued in March 2014, an attacker could exploit this flaw by persuading a user to click on a malicious link.
On December 2, 2024, Cisco revised its advisory, highlighting that the vulnerability is being actively exploited in the wild.
Connection to AndroxGh0st and Mozi Botnet
Recent findings by cybersecurity firm CloudSEK indicate that threat actors, including the group behind AndroxGh0st malware, are leveraging CVE-2014-2120 along with other vulnerabilities in internet-facing applications.
The malicious campaign also incorporates the Mozi botnet, which is being used to amplify the botnet’s reach and scope, further intensifying the threat.
CISA's Response
In response to the increased exploitation, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2014-2120 to its Known Exploited Vulnerabilities (KEV) catalog. Federal Civilian Executive Branch (FCEB) agencies are mandated to remediate this flaw by December 3, 2024, to ensure robust security.
Recommendations for Cisco ASA Users
To mitigate the risks posed by this vulnerability, Cisco ASA users are strongly advised to:
- Keep their installations up to date with the latest security patches.
- Regularly review and follow Cisco's security advisories for any updates.
- Stay vigilant against phishing attempts that may lure users into clicking malicious links.
Why This Matters
With the rise of advanced threats like AndroxGh0st and the expansion of the Mozi botnet, vulnerabilities like CVE-2014-2120 remain lucrative targets for attackers. Taking proactive measures to secure your systems is critical in safeguarding against potential cyber threats.