Cisco Vulnerabilities

3214 results
Vexday Analysis

With 3,204 CVEs catalogued and 53 confirmed as actively exploited in the CISA KEV, the exploitation rate of Cisco products is 3.7 times above the overall catalogue average, which indicates significantly elevated operational risk for organizations that depend on these technologies. There are also 199 critical-severity vulnerabilities and 77 with a publicly available proof of concept, which widens the exploitable attack surface without requiring advanced offensive capability. The most recurrent flaw type is CWE-20 (improper input validation), a class of vulnerability frequently present in network components that tends to produce broad impact when exploited. The most dangerous CVE under active exploitation at this moment is CVE-2021-1498, with a maximum EPSS of 1.0, indicating an extremely high probability of exploitation, and it should be treated as an immediate priority in any patch management process.

CVE-2021-1129 [MEDIUM] Cisco Email Security Appliance, Cisco Content Security Management Appliance, and Cisco Web Security Appliance Information Disclosure Vulnerability (EPSS 1.1%)
CVE-2021-1266 [MEDIUM] Cisco Managed Services Accelerator Denial of Service Vulnerability (EPSS 1.1%)
CVE-2020-3567 [MEDIUM] Cisco Industrial Network Director Denial of Service Vulnerability (EPSS 1.1%)
CVE-2021-1581 [MEDIUM] Cisco Application Policy Infrastructure Controller Command Injection and File Upload Vulnerabilities (EPSS 1.1%)
CVE-2019-12666 [MEDIUM] Cisco IOS XE Software Path Traversal Vulnerability (EPSS 1.1%)
CVE-2020-3472 [MEDIUM] Cisco Webex Meetings User Email Address Information Disclosure Vulnerability (EPSS 1.1%)
CVE-2018-15380 [HIGH] Cisco HyperFlex Software Command Injection Vulnerability (EPSS 1.1%)
CVE-2021-1465 [MEDIUM] A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to cond (EPSS 1.1%)
CVE-2021-40122 [MEDIUM] Cisco Meeting Server Call Bridge Denial of Service Vulnerability (EPSS 1.1%)
CVE-2022-20750 [MEDIUM] Cisco Redundancy Configuration Manager for Cisco StarOS Software TCP Denial of Service Vulnerability (EPSS 1.1%)
CVE-2020-27133 [CRITICAL] Cisco Jabber Desktop and Mobile Client Software Vulnerabilities (EPSS 1.1%)
CVE-2019-1851 [MEDIUM] Cisco Identity Services Engine Arbitrary Client Certificate Creation Vulnerability (EPSS 1.1%)
CVE-2020-3410 [HIGH] Cisco Firepower Management Center Software Common Access Card Authentication Bypass Vulnerability (EPSS 1.1%)
CVE-2018-15390 Cisco Firepower Threat Defense Software FTP Inspection Denial of Service Vulnerability (EPSS 1.1%)
CVE-2022-20817 [HIGH] Cisco IP Phone Duplicate Key Vulnerability (EPSS 1.1%)
CVE-2018-15429 Cisco HyperFlex HX Data Platform Software Unauthorized Directory Access Vulnerability (EPSS 1.1%)
CVE-2021-1530 [MEDIUM] Cisco BroadWorks Messaging Server XML External Entity Injection Vulnerability (EPSS 1.1%)
CVE-2020-3448 [MEDIUM] Cisco Cyber Vision Center Software Access Control Bypass Vulnerability (EPSS 1.1%)
CVE-2019-15255 [MEDIUM] Cisco Identity Services Engine Authorization Bypass Vulnerability (EPSS 1.1%)
CVE-2019-12644 [MEDIUM] Cisco Identity Services Engine Cross-Site Scripting Vulnerability (EPSS 1.1%)