Cisco Adaptive Security Appliance WebVPN Login Page Cross-Site Scripting Vulnerability – Updated [CVE-2014-2120]
CVE number = CVE-2014-2120
A vulnerability in the WebVPN login page of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of WebVPN on the Cisco ASA.
The vulnerability is due to insufficient input validation of a parameter.
An attacker could exploit this vulnerability by convincing a user to access a malicious link.
In November 2024, the Cisco Product Security Incident Response Team (PSIRT) became aware of additional attempted exploitation of this vulnerability in the wild. Cisco continues to strongly recommend that customers upgrade to a fixed software release to remediate this vulnerability.
Further information – https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CVE-2014-2120
Blogger at www.systemtek.co.uk