Cisco has updated its advisory for a decade-old vulnerability, CVE-2014-2120, a medium-severity XSS issue in the WebVPN login page of Cisco Adaptive Security Appliance (ASA) products. The vulnerability allows unauthenticated attackers to execute malicious scripts by luring users into clicking a crafted link. The update highlights in-the-wild exploitation detected as of November 2024, urging customers to patch their systems immediately.

‍