Cisco Vulnerabilities

3206 results
Vexday Analysis

With 3,204 CVEs catalogued and 53 confirmed as actively exploited by the CISA KEV, the exploitation rate of Cisco products is 3.7 times above the overall catalogue average, which indicates significantly elevated operational risk for organizations that depend on these technologies. There are also 199 critical-severity vulnerabilities and 77 with a publicly available proof of concept, widening the exploitable attack surface without the need for advanced offensive capability. The most recurrent flaw type is CWE-20 (improper input validation), a vulnerability class frequently present in network components and one that tends to produce broad impact when exploited. The most dangerous CVE under active exploitation at this time is CVE-2021-1498, with a maximum EPSS of 1.0 (indicating an extremely high probability of exploitation), and it should be treated as an immediate priority in any patch management process.

| CVE | Severity | Title | EPSS |
| --- | --- | --- | --- |
| CVE-2020-3223 | MEDIUM | Cisco IOS XE Software Web UI Arbitrary File Read Vulnerability | 1.9% |
| CVE-2021-34762 | HIGH | Cisco Firepower Management Center Software Authenticated Directory Traversal Vulnerability | 1.9% |
| CVE-2020-3194 | HIGH | Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerability | 1.9% |
| CVE-2019-1900 | HIGH | Cisco Integrated Management Controller Unauthenticated Denial of Service Vulnerability | 1.9% |
| CVE-2021-1247 | HIGH | Cisco Data Center Network Manager SQL Injection Vulnerabilities | 1.9% |
| CVE-2019-1825 | HIGH | Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL Injection Vulnerabilities | 1.9% |
| CVE-2019-1824 | HIGH | Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL Injection Vulnerabilities | 1.9% |
| CVE-2018-0460 | | Cisco Enterprise NFV Infrastructure Software Information Disclosure Vulnerability | 1.9% |
| CVE-2020-3436 | HIGH | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services File Upload Denial of Service Vulnerability | 1.9% |
| CVE-2021-1274 | HIGH | Cisco SD-WAN Denial of Service Vulnerabilities | 1.9% |
| CVE-2020-3373 | HIGH | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software IP Fragment Memory Leak Vulnerability | 1.9% |
| CVE-2020-3128 | HIGH | Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities | 1.9% |
| CVE-2019-1961 | MEDIUM | Cisco Enterprise NFV Infrastructure Software Web Portal Arbitrary File Read Vulnerability | 1.9% |
| CVE-2019-1626 | HIGH | Cisco SD-WAN Solution Privilege Escalation Vulnerability | 1.9% |
| CVE-2021-1248 | HIGH | Cisco Data Center Network Manager SQL Injection Vulnerabilities | 1.9% |
| CVE-2018-15398 | | Cisco Adaptive Security Appliance Access Control List Bypass Vulnerability | 1.9% |
| CVE-2021-34735 | HIGH | Cisco ATA 190 Series Analog Telephone Adapter Software Vulnerabilities | 1.9% |
| CVE-2021-1359 | MEDIUM | Cisco Web Security Appliance Privilege Escalation Vulnerability | 1.9% |
| CVE-2019-12700 | HIGH | Cisco FTD, FMC, and FXOS Software Pluggable Authentication Module Denial of Service Vulnerability | 1.9% |
| CVE-2020-26070 | HIGH | Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers Slow Path Forwarding Denial of Service Vulnerability | 1.9% |