Decade-Old Cisco Vulnerability Under Active Exploit

December 3, 2024 at 03:41PM Cisco warns customers of a decade-old security flaw in its Adaptive Security Appliance (ASA) WebVPN, tracked as CVE-2014-2120, which is being actively exploited. This vulnerability allows unauthenticated remote attackers to conduct cross-site scripting (XSS) attacks. Customers are urged to upgrade software, as no workarounds exist. ### Meeting Takeaways 1. **Security … Read more

Cisco Warns of Exploitation of Decade-Old ASA WebVPN Vulnerability

December 3, 2024 at 08:57AM Cisco has updated its advisory regarding a decade-old vulnerability (CVE-2014-2120) in its Adaptive Security Appliance, which is being actively exploited. The flaw allows cross-site scripting attacks via the WebVPN login page. Users are urged to update their systems as it was added to the CISA’s KEV catalog for urgent remediation. … Read more