First discovered in 2014 by researcher Jonathan Claudius, CVE-2014-2120 is a vulnerability caused by insufficient input validation in the WebVPN login page of Cisco Adaptive Security Appliance (ASA) Software. This flaw could allow an unauthenticated remote attacker to conduct a cross-site scripting (XSS) attack against a user by persuading them to access a malicious link.
Impact
According to Cisco PSIRT, this vulnerability was being exploited in the wild as recently as November 2024 and has been added to CISA’s KEV catalog. Cisco first published an advisory for CVE-2014-2120 in March 2024, but detected additional exploitation attempts in November.
Products Affected
The bug affects Cisco Adaptive Security Appliance (ASA).
Solutions
Cisco strongly advises its customers to install the fixes provided in its advisory. No workarounds are available.
Instantly Fix Risks with SanerNow Patch Management
SanerNow patch management is continuous, automated, and integrated software that instantly fixes risks exploited in the wild. The software supports major operating systems like Windows, Linux, and macOS, as well as 550+ third-party applications.
It also allows you to set up a safe testing area to test patches before deploying them in a primary production environment. SanerNow patch management additionally supports a patch rollback feature in case of patch failure or a system malfunction.