Vulnerabilities in Cisco

3214 results
Vexday Analysis

With 3,204 CVEs catalogued and 53 confirmed as actively exploited in the CISA KEV, the exploitation rate for Cisco products is 3.7 times the overall catalogue average, which indicates significantly elevated operational risk for organizations that depend on these technologies. There are also 199 critical-severity vulnerabilities and 77 with a public proof of concept available, widening the exploitable attack surface without requiring advanced offensive capability. The most recurrent flaw type is CWE-20 (improper input validation), a vulnerability class frequently present in network components and one that tends to produce broad impact when exploited. The most dangerous CVE under active exploitation at this time is CVE-2021-1498, with a maximum EPSS of 1.0 (indicating an extremely high probability of exploitation), and it should be treated as an immediate priority in any patch management process.

CVE-2023-20256 | MEDIUM | Multiple vulnerabilities in the per-user-override feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Def | EPSS 0.6%
CVE-2023-20246 | MEDIUM | Multiple Cisco products are affected by a vulnerability in Snort access control policies that could allow an unauthenticated, remote attacke | EPSS 0.6%
CVE-2022-20781 | MEDIUM | Cisco Web Security Appliance Stored Cross-Site Scripting Vulnerability | EPSS 0.6%
CVE-2022-20741 | MEDIUM | Cisco Secure Network Analytics Network Diagrams Application Cross-Site Scripting Vulnerability | EPSS 0.6%
CVE-2024-20500 | MEDIUM | A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an un | EPSS 0.6%
CVE-2020-3266 | HIGH | Cisco SD-WAN Solution Command Injection Vulnerability | EPSS 0.6%
CVE-2023-20111 | MEDIUM | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker | EPSS 0.6%
CVE-2024-20505 | MEDIUM | ClamAV Memory Handling DoS | EPSS 0.6%
CVE-2021-1154 | MEDIUM | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Stored Cross-Site Scripting Vulnerabilities | EPSS 0.6%
CVE-2021-1156 | MEDIUM | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Stored Cross-Site Scripting Vulnerabilities | EPSS 0.6%
CVE-2021-1153 | MEDIUM | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Stored Cross-Site Scripting Vulnerabilities | EPSS 0.6%
CVE-2023-25653 | HIGH | Improper calculations in ECC implementation can trigger a Denial-of-Service (DoS) | EPSS 0.6%
CVE-2021-1157 | MEDIUM | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Stored Cross-Site Scripting Vulnerabilities | EPSS 0.6%
CVE-2021-1152 | MEDIUM | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Stored Cross-Site Scripting Vulnerabilities | EPSS 0.6%
CVE-2019-1727 | MEDIUM | Cisco NX-OS Software Python Parser Privilege Escalation Vulnerability | EPSS 0.6%
CVE-2021-1155 | MEDIUM | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Stored Cross-Site Scripting Vulnerabilities | EPSS 0.6%
CVE-2020-3456 | HIGH | Cisco FXOS Software Firepower Chassis Manager Cross-Site Request Forgery Vulnerability | EPSS 0.5%
CVE-2024-20492 | MEDIUM | Cisco Expressway Series Privilege Escalation Vulnerability | EPSS 0.5%
CVE-2021-1137 | HIGH | Cisco SD-WAN vManage Software Vulnerabilities | EPSS 0.5%
CVE-2019-1632 | MEDIUM | Cisco Integrated Management Controller Cross-Site Request Forgery Vulnerability | EPSS 0.5%