CVE-2014-2120

high-risk
Published 2014-03-19

Cross-site scripting (XSS) vulnerability in the WebVPN login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun19025.

Do I need to act?

!
63.9% chance of exploitation in next 30 days
EPSS score — higher than 36% of all CVEs
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.1/10 Medium
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Cisco

References (7)

Broken Link http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2120
Broken Link http://www.securityfocus.com/bid/66290
Broken Link http://www.securitytracker.com/id/1029935
Broken Link http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2120
Broken Link http://www.securityfocus.com/bid/66290
Broken Link http://www.securitytracker.com/id/1029935
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-...
54
/ 100
high-risk
Severity 23/34 · High
Exploitability 26/34 · High
Exposure 5/34 · Minimal