InfoSecBulletin Cybersecurity for mankind
Cisco has released an updated security advisory about CVE-2014-2120, a vulnerability in the WebVPN login page of Cisco Adaptive Security Appliance (ASA) Software.
This flaw, disclosed in 2014, allows unauthenticated remote attackers to perform cross-site scripting (XSS) attacks on WebVPN users. The advisory highlights that this vulnerability is currently being actively exploited, emphasizing the urgency for mitigation.
Hacker claim to breach Link3; 189,000 Users data up for sale
Check Point Hosts “Securing the Hyperconnected World in the AI Era” in Dhaka
Microsoft Confirms 900+ XSS Vulns Found in IT Services
Daily Security Update Dated : 15.09.2025
IBM QRadar SIEM Vuln Let Attackers Perform Unauthorized Actions
Major Australian Banks using Army of AI Bots to Scam Scammers
F5 to acquire CalypsoAI for $180M for Advanced AI Security Capabilities
AI Pentesting Tool ‘Villager’ Merges Kali Linux with DeepSeek AI for Automated Attacks
CVE-2025-21043
Samsung Patched Critical Zero-Day Flaw Exploited in Android Attacks
Albania appoints world’s first AI minister, “Diella” to Tackle Corruption
CVE-2014-2120 is an XSS vulnerability in the WebVPN login page of Cisco Adaptive Security Appliance (ASA) Software. Cisco’s advisory states that this vulnerability is due to insufficient input validation, allowing attackers to create malicious links that run arbitrary scripts in a victim’s browser when clicked.
The advisory warns that an attacker could exploit vulnerabilities to target WebVPN users on certain Cisco ASA devices without needing authentication.
In November 2024, Cisco PSIRT reported renewed exploitation activity. The company advises customers to upgrade to a fixed software release to address the vulnerability but will not offer free software updates for issues highlighted in Security Notices. Customers should contact their usual support channels for the necessary upgrades.
CISA added CVE-2014-2120 to its Known Exploited Vulnerabilities Catalog on November 12, 2024, highlighting the need for organizations to address this issue urgently.
Cisco PSIRT would like to thank Piotr Karolak of Trustwave’s SpiderLabs for reporting this vulnerability.
Organizations using third-party support for Cisco products should check with their service providers to ensure that any fixes are appropriate for their network setups.
