Cisco Warns of Exploitation of Decade-Old ASA WebVPN Vulnerability

Cisco on Monday updated an advisory to warn customers of active exploitation of a decade-old security flaw impacting its Adaptive Security Appliance (ASA).
The vulnerability, tracked as CVE-2014-2120 (CVSS score: 4.3), concerns a case of insufficient input validation in ASA's WebVPN login page that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a targeted user of the appliance.
"An attacker could exploit this vulnerability by convincing a user to access a malicious link," Cisco noted in an alert released in March 2024.
As of December 2, 2024, the networking equipment major has revised its bulletin to note that it has become aware of "additional attempted exploitation" of the vulnerability in the wild.
The development comes shortly after cybersecurity firm CloudSEK revealed that the threat actors behind AndroxGh0st are leveraging an extensive list of security vulnerabilities in various internet-facing applications, including CVE-2014-2120, to propagate the malware.
The malicious activity is also notable for the integration of the Mozi botnet, which allows the botnet to further expand in size and scope.
As a result, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the flaw to its Known Exploited Vulnerabilities (KEV) catalog last month, requiring Federal Civilian Executive Branch (FCEB) agencies to remediate it by December 3, 2024.
Users of Cisco ASA are highly recommended to keep their installations up-to-date for optimal protection and to safeguard against potential cyber threats.
NachoVPN Tool Exploits Flaws in Popular VPN Clients for System Compromise
Veeam plugs serious holes in Service Provider Console (CVE-2024-42448, CVE-2024-42449)
CVE-2024-20439 Cisco Smart Licensing Utility Static Credential Vulnerability
CVE-2025-2783 Google Chromium Mojo Sandbox Escape Vulnerability
CVE-2019-9874 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
CVE-2019-9875 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
CVE-2025-30154 reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability
CVE-2025-1316 Edimax IC-7100 IP Camera OS Command Injection Vulnerability
CVE-2024-48248 NAKIVO Backup and Replication Absolute Path Traversal Vulnerability
CVE-2017-12637 SAP NetWeaver Directory Traversal Vulnerability
CVE-2025-24472 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability
MediumInsecure JSF ViewState
MediumWeb Cache Deception
InformationalSec-Fetch-Mode Header is Missing
MediumBackup File Disclosure
InformationalStrict-Transport-Security Header on Plain HTTP Response
Free online web security scanner