On Monday, Cisco updated its advisory to warn customers about the active exploitation of a decade-old security flaw affecting the Adaptive Security Appliance (ASA).
The vulnerability, tracked as CVE-2014-2120 (CVSS score: 4.3), concerns an instance of insufficient input validation on the ASA WebVPN login page that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a targeted user of the device.
“An attacker could exploit this vulnerability by convincing a user to access a malicious link,” Cisco noted in a warning issued in March 2014.
As of December 2, 2024, the networking equipment major has revised its bulletin to note that it has become aware of “additional attempted exploitation” of this vulnerability in the wild.
The development comes shortly after cybersecurity firm CloudSEK revealed that the threat actors behind AndroxGh0st are exploiting an extensive list of security vulnerabilities in various Internet applications, including CVE-2014-2120, to spread the malware.
The malicious activity is also notable for the integration of the Mozi botnet, which allows the botnet to further expand in size and scope.
As a result, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the flaw to its Known Exploited Vulnerabilities (KEV) catalog last month, requiring Federal Civilian Executive Branch (FCEB) agencies to fix it by December 3, 2024.
Cisco ASA users are strongly encouraged to keep their installations up to date for optimal protection against potential cyber threats.