CVE-2014-2120

CVE Database · CVE-2014-2120

CVE-2014-2120

· MEDIUMAnalyzed

CVSS v3.1

6.1

EPSS

14.03%

Published

Mar 18, 2014

Modified

Apr 21, 2026

CISA Known Exploited Vulnerability

Added: 2024-11-12 · Due: 2024-12-03

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Cross-site scripting (XSS) vulnerability in the WebVPN login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun19025.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Weaknesses (CWE)

CWE-79CWE-79

Affected Products (1)

cisco · adaptive_security_appliance_softwarevulnerable

References (7)

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2120

Broken LinkVendor Advisory

http://www.securityfocus.com/bid/66290

Broken LinkThird Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1029935

Broken LinkThird Party AdvisoryVDB Entry

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2120

Broken LinkVendor Advisory

http://www.securityfocus.com/bid/66290

Broken Link

KEV Catalog EPSS Scores Vendors All CVEs