CVE-2014-2120
MEDIUM KEVCisco Adaptive Security Appliance Software - Cross-Site Scripting via WebVPN Login Page Parameter
Title source: llmExploitation Summary
CVE-2014-2120 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 12, 2024.
Description
Cross-site scripting (XSS) vulnerability in the WebVPN login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun19025.
References (4)
Core 4
Core References
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1029935
Broken Link, Vendor Advisory vendor-advisory
x_refsource_cisco
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2120
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/66290
Third Party Advisory, US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-2120
Scores
CVSS v3
6.1
EPSS
0.7514
EPSS Percentile
98.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
total
Details
CISA KEV
2024-11-12
VulnCheck KEV
2024-11-07
InTheWild.io
2024-11-12
ENISA EUVD
EUVD-2014-2160
CWE
CWE-79
Status
published
Products (1)
cisco/adaptive_security_appliance_software
Published
Mar 19, 2014
KEV Added
Nov 12, 2024
Tracked Since
Feb 18, 2026