This is not a hypothetical situation, but a real-world occurrence. Actually it's no surprise, as many organizations still lack a proper vulnerability management system. The worst part is, some of them are unaware of the risks involved with not having a vulnerability management system.
"Cisco on Monday (2 Dec 2024) updated an advisory to warn customers of active exploitation of a decade-old security flaw impacting its Adaptive Security Appliance (ASA).
The vulnerability, tracked as CVE-2014-2120 (CVSS score: 4.3), concerns a case of insufficient input validation in ASA's WebVPN login page that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a targeted user of the appliance."
"The development comes shortly after cybersecurity firm CloudSEK revealed that the threat actors behind AndroxGh0st are leveraging an extensive list of security vulnerabilities in various internet-facing applications, including CVE-2014-2120, to propagate the malware."
No comments:
Post a Comment