zCat on Nostr: Cisco Warns of Exploitation of Decade-Old ASA WebVPN Vulnerability Cisco on Monday ...
Cisco Warns of Exploitation of Decade-Old ASA WebVPN Vulnerability
Cisco on Monday updated an advisory to warn customers of active exploitation of a decade-old security flaw impacting its Adaptive Security Appliance (ASA).
The vulnerability, tracked as CVE-2014-2120 (CVSS score: 4.3), concerns a case of insufficient input validation in ASA's WebVPN login page that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a targeted user of the appliance.
"An attacker could exploit this vulnerability by convincing a user to access a malicious link," Cisco noted in an alert released in March 2014.
As of December 2, 2024, the networking equipment major has revised its bulletin to note that it has become aware of "additional attempted exploitation" of the vulnerability in the wild.
See more: https://thehackernews.com/2024/12/cisco-warns-of-exploitation-of-decade.html
#cybersecurity #xss #webvpn
Cisco on Monday updated an advisory to warn customers of active exploitation of a decade-old security flaw impacting its Adaptive Security Appliance (ASA).
The vulnerability, tracked as CVE-2014-2120 (CVSS score: 4.3), concerns a case of insufficient input validation in ASA's WebVPN login page that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a targeted user of the appliance.
"An attacker could exploit this vulnerability by convincing a user to access a malicious link," Cisco noted in an alert released in March 2014.
As of December 2, 2024, the networking equipment major has revised its bulletin to note that it has become aware of "additional attempted exploitation" of the vulnerability in the wild.
See more: https://thehackernews.com/2024/12/cisco-warns-of-exploitation-of-decade.html
#cybersecurity #xss #webvpn