CVE-2014-2120
Published: 19 March 2014
Summary
CVE-2014-2120 is a medium-severity Cross-site Scripting (CWE-79) vulnerability in Cisco Adaptive Security Appliance Software. Its CVSS base score is 6.1 (Medium).
Operationally, it ranks in the top 1.1% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities (KEV) catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Deeper analysis
CVE-2014-2120 is a cross-site scripting vulnerability, tracked as Bug ID CSCun19025 and assigned CWE-79, that affects the WebVPN login page in Cisco Adaptive Security Appliance (ASA) Software. The flaw permits injection of arbitrary web script or HTML through an unspecified parameter on the login page.
Remote attackers can exploit the issue over the network without authentication by crafting a malicious request that triggers script execution in a victim's browser when the user interacts with the WebVPN login page. Successful exploitation has a limited impact on confidentiality and integrity; the scope is changed because the reflected or stored script runs in the victim's browser within the context of the affected Cisco ASA interface.
Advisories referenced at the Cisco Security Notice URL and related trackers such as SecurityFocus and SecurityTracker provide further details on the affected releases and recommended actions. No information on observed real-world exploitation is included in the supplied data.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2014-2160
Vulnerability details
Cross-site scripting (XSS) vulnerability in the WebVPN login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun19025.
- CWE(s): CWE-79
- KEV Date Added: 12 November 2024
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls (NIST 800-53 r5)
SI-10 (Information Input Validation): directly requires validation of all inputs to the WebVPN login page, blocking the arbitrary script/HTML injection vector described in CSCun19025.
SI-15 (Information Output Filtering): requires filtering of information returned by the login page, limiting the ability of injected scripts to execute in the victim's browser context.
Enables monitoring and analysis of network traffic to the ASA WebVPN interface to identify anomalous requests carrying XSS payloads.