Cisco warns customers that a decade-old ASA vulnerability, tracked as CVE-2014-2120, is being actively exploited in the wild.
The vulnerability resides in the WebVPN login page of Cisco Adaptive Security Appliance (ASA) Software, allowing an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack.
Cisco first published the advisory in March 2024, but recently detected new exploitation attempts for the vulnerability.
Cisco urges customers to upgrade to a fixed software release to mitigate the vulnerability.