3 December 2024

Cisco says decade-old bug in ASA appliances exploited in the wild


Cisco says decade-old bug in ASA appliances exploited in the wild

Networking giant Cisco has updated its advisory to alert users about active exploitation of a ten-year-old vulnerability in its Adaptive Security Appliance (ASA) product.

The vulnerability, tracked as CVE-2014-2120, stems from insufficient input validation in ASA's WebVPN login page. Exploitation of this flaw could allow a remote, unauthenticated attacker to launch a cross-site scripting (XSS) attack, potentially compromising targeted users of the appliance.

The activity involving CVE-2014-2120 has been linked to the Mozi botnet, enabling attackers to amplify the scale and scope of their malicious campaigns. The Mozi botnet is infamous for its ability to exploit vulnerabilities in IoT and network devices.

Cisco is urging users of its ASA software to update their installations to the latest versions to prevent future attacks.

Back to the list

Latest Posts

Cybersecurity Week in Review: January 24, 2025

Cybersecurity Week in Review: January 24, 2025

In brief: SonicWall SMA zero-day exploited in attacks, hackers are exploiting older Ivanti flaws, and more.
24 January 2025
AIRASHI DDoS botnet exploits a zero-day vulnerability in cnPilot routers

AIRASHI DDoS botnet exploits a zero-day vulnerability in cnPilot routers

The attacks have been active since June 2024.
23 January 2025
SonicWall SMA zero-day exploited in attacks

SonicWall SMA zero-day exploited in attacks

SonicWall has released a patch in version 12.4.3-02854 and higher versions to address the issue.
23 January 2025