Vulnerabilities in Cisco

3214 results
Vexday Analysis

With 3,204 CVEs catalogued and 53 confirmed as actively exploited in the CISA KEV, the exploitation rate of Cisco products is 3.7 times above the overall catalogue average, which indicates significantly elevated operational risk for organizations that depend on these technologies. There are also 199 critical-severity vulnerabilities and 77 with a publicly available proof of concept, widening the exploitable attack surface without requiring advanced offensive capability. The most recurrent flaw type is CWE-20 (improper input validation), a vulnerability class that is frequently present in network components and tends to produce broad impact when exploited. The most dangerous CVE under active exploitation at this time is CVE-2021-1498, with a maximum EPSS of 1.0 (indicating an extremely high probability of exploitation), and it should be treated as an immediate priority in any patch management process.

CVE-2019-1609 | MEDIUM | Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1609) | EPSS 0.9%
CVE-2019-1707 | MEDIUM | Cisco DNA Center Access Contract Stored Cross-Site Scripting Vulnerability | EPSS 0.9%
CVE-2019-1882 | MEDIUM | Cisco Industrial Network Director Stored Cross-Site Scripting Vulnerability | EPSS 0.9%
CVE-2019-1777 | MEDIUM | Cisco Registered Envelope Service Stored Cross-Site Scripting Vulnerability | EPSS 0.9%
CVE-2023-20219 | HIGH | Multiple vulnerabilities in the web management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, r | EPSS 0.9%
CVE-2022-20942 | MEDIUM | A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA), Cisco Secure Email and Web Manager, and Cisco | EPSS 0.9%
CVE-2024-20291 | MEDIUM | A vulnerability in the access control list (ACL) programming for port channel subinterfaces of Cisco Nexus 3000 and 9000 Series Switches in | EPSS 0.9%
CVE-2022-20943 | MEDIUM | Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) processor of the Snort detection engine on multiple Cisco products cou | EPSS 0.9%
CVE-2024-20338 | HIGH | A vulnerability in the ISE Posture (System Scan) module of Cisco Secure Client for Linux could allow an authenticated, local attacker to ele | EPSS 0.9%
CVE-2023-20272 | MEDIUM | A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to upl | EPSS 0.9%
CVE-2021-1416 | MEDIUM | Cisco Identity Services Engine Sensitive Information Disclosure Vulnerabilities | EPSS 0.9%
CVE-2022-20917 | MEDIUM | A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) message processing feature of Cisco Jabber could allow an authentic | EPSS 0.9%
CVE-2022-20809 | MEDIUM | Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities | EPSS 0.9%
CVE-2021-1625 | MEDIUM | Cisco IOS XE Software Zone-Based Policy Firewall ICMP and UDP Inspection Vulnerability | EPSS 0.9%
CVE-2020-27124 | HIGH | Cisco Adaptive Security Appliance Software SSL/TLS Denial of Service Vulnerability | EPSS 0.9%
CVE-2023-20197 | HIGH | A vulnerability in the filesystem image parser for Hierarchical File System Plus (HFS+) of ClamAV could allow an unauthenticated, remote att | EPSS 0.9%
CVE-2020-26084 | MEDIUM | Cisco Edge Fog Fabric Resource Exposure Vulnerability | EPSS 0.9%
CVE-2022-20744 | MEDIUM | Cisco Firepower Management Center Software Information Disclosure Vulnerability | EPSS 0.9%
CVE-2024-20365 | MEDIUM | Cisco Integrated Management Controller Redfish Command Injection Vulnerability | EPSS 0.9%
CVE-2019-1875 | MEDIUM | Cisco Prime Service Catalog Cross-Site Scripting Vulnerability | EPSS 0.9%