Cisco Warns of Attacks Exploiting Decade-Old ASA Vulnerability

Cisco has updated an advisory for CVE-2014-2120 to warn customers that the vulnerability has been exploited in the wild. 

Cisco on Monday updated an advisory covering a decade-old vulnerability to warn customers about in-the-wild exploitation. 

The vulnerability is tracked as CVE-2014-2120 and it has been described as a medium-severity cross-site scripting (XSS) vulnerability affecting the WebVPN login page of Cisco Adaptive Security Appliance (ASA) products.

According to the networking giant, an unauthenticated, remote attacker can exploit the vulnerability to conduct XSS attacks against WebVPN users by getting them to click on a malicious link.

Cisco published its initial advisory for CVE-2014-2120 in March 2014, when it informed customers that they should reach out to support channels to obtain a patched software version.

“In November 2024, the Cisco Product Security Incident Response Team (PSIRT) became aware of additional attempted exploitation of this vulnerability in the wild. Cisco continues to strongly recommend that customers upgrade to a fixed software release to remediate this vulnerability,” Cisco said in an update added on December 2.

Cisco’s update comes after the cybersecurity agency CISA added CVE-2014-2120 to its Known Exploited Vulnerabilities (KEV) catalog on November 12, instructing government agencies to address the flaw in their environments by December 3. 

CISA’s KEV update came just days after cybersecurity firm CloudSEK published a blog post describing significant changes in the Androxgh0st botnet, including the exploitation of multiple vulnerabilities for initial access to systems, and a potential operational integration with the Mozi botnet, which was shut down by Chinese authorities in late 2023. 

CloudSEK has seen the Androxgh0st botnet attempting to exploit vulnerabilities in Cisco, Atlassian, Metabase, Sophos, Oracle, OptiLink, TP-Link, Netgear, and GPON products, as well as in PHP and a WordPress plugin. The list of exploited flaws includes the Cisco ASA vulnerability CVE-2014-2120. 

The security firm saw hundreds of devices that had been compromised by the Androxgh0st botnet. 

In the case of CVE-2014-2120, the threat actor has attempted to exploit it using specially crafted requests that would enable them to remotely upload arbitrary files and add malicious code to PHP files on the server, for persistence and further backdooring. 

According to previous reports, Androxgh0st enables cybercriminals to gain access to websites and business systems, and obtain sensitive information such as credentials. They can abuse compromised systems to conduct further attacks, including cryptocurrency mining and DDoS attacks. 

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
