Cisco Warns of Exploitation of Decade-Old ASA WebVPN Vulnerability

December 3, 2024 at 08:57AM

Cisco has updated its advisory regarding a decade-old vulnerability (CVE-2014-2120) in its Adaptive Security Appliance, which is being actively exploited. The flaw allows cross-site scripting attacks via the WebVPN login page. Users are urged to update their systems, as the vulnerability has been added to CISA’s KEV catalog for urgent remediation.

### Meeting Takeaways – December 3, 2024

**Key Issue: Vulnerability in Cisco ASA**

1. **Active Exploitation Warning**:
   - Cisco has updated an advisory regarding the exploitation of a long-standing security flaw (CVE-2014-2120) in its Adaptive Security Appliance (ASA).
   - The vulnerability pertains to insufficient input validation in the WebVPN login page, which may allow remote, unauthenticated attackers to conduct cross-site scripting (XSS) attacks.

2. **Recent Developments**:
   - As of December 2, 2024, Cisco noted increased attempts to exploit this vulnerability in real-world scenarios.
   - Cybersecurity firm CloudSEK reported that the AndroxGh0st threat actors are utilizing this vulnerability along with others to distribute malware.

3. **Threat Landscape**:
   - The activity has been linked to the Mozi botnet, increasing the risk through the amplification of its reach and capabilities.

4. **CISA Involvement**:
   - The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.
   - Federal Civilian Executive Branch (FCEB) agencies must remediate this vulnerability by December 3, 2024.

5. **Recommendation**:
   - Users of Cisco ASA are strongly advised to update their installations promptly to mitigate risks and safeguard against potential cyber threats.

**Action Item**: Ensure Cisco ASA installations are assessed and updated as necessary before the CISA deadline.
