Decade-Old Cisco Vulnerability Under Active Exploit

December 3, 2024 at 03:41PM Cisco warns customers of a decade-old security flaw in its Adaptive Security Appliance (ASA) WebVPN, tracked as CVE-2014-2120, which is being actively exploited. This vulnerability allows unauthenticated remote attackers to conduct cross-site scripting (XSS) attacks. Customers are urged to upgrade software, as no workarounds exist. ### Meeting Takeaways 1. **Security … Read more

Cisco Warns of Attacks Exploiting Decade-Old ASA Vulnerability

December 3, 2024 at 05:58AM Cisco updated its advisory on the CVE-2014-2120 vulnerability, highlighting ongoing exploitation attempts. This medium-severity XSS flaw affects the WebVPN login page of Cisco ASA products. Customers are urged to upgrade to a patched version. The vulnerability was added to CISA’s Known Exploited Vulnerabilities catalog, prompting immediate action. ### Meeting Takeaways … Read more

Norway recommends replacing SSL VPN to prevent breaches

May 16, 2024 at 03:08PM The Norwegian NCSC advises replacing SSLVPN/WebVPN with more secure options due to repeated vulnerabilities exploitation in network devices. The transition deadline is 2025, with critical infrastructure entities expected to switch by the end of 2024. The recommended alternative is IPsec with IKEv2, aiming to decrease the attack surface for secure … Read more