Cisco Vulnerabilities

3214 results
Vexday Analysis

With 3,204 CVEs catalogued and 53 confirmed as actively exploited in the CISA KEV, the exploitation rate for Cisco products is 3.7 times above the overall catalogue average, which indicates significantly elevated operational risk for organizations that depend on these technologies. There are also 199 critical-severity vulnerabilities and 77 with a public proof of concept available, widening the exploitable attack surface without requiring advanced offensive capability. The most recurrent flaw type is CWE-20 (improper input validation), a vulnerability class frequently present in network components and one that tends to produce broad impact when exploited. The most dangerous CVE under active exploitation at this time is CVE-2021-1498, with a maximum EPSS of 1.0, indicating an extremely high probability of exploitation, and it should be treated as an immediate priority in any patch management process.

CVE-2022-20671 | MEDIUM | Cisco Common Services Platform Collector Cross-Site Scripting Vulnerabilities | EPSS 0.7%
CVE-2022-20670 | MEDIUM | Cisco Common Services Platform Collector Cross-Site Scripting Vulnerabilities | EPSS 0.7%
CVE-2022-20672 | MEDIUM | Cisco Common Services Platform Collector Cross-Site Scripting Vulnerabilities | EPSS 0.7%
CVE-2022-20673 | MEDIUM | Cisco Common Services Platform Collector Cross-Site Scripting Vulnerabilities | EPSS 0.7%
CVE-2022-20674 | MEDIUM | Cisco Common Services Platform Collector Cross-Site Scripting Vulnerabilities | EPSS 0.7%
CVE-2019-1722 | MEDIUM | Cisco Expressway Series and Cisco TelePresence Video Communication Server Cross-Site Request Forgery Vulnerability | EPSS 0.7%
CVE-2022-20669 | MEDIUM | Cisco Common Services Platform Collector Cross-Site Scripting Vulnerabilities | EPSS 0.7%
CVE-2022-20666 | MEDIUM | Cisco Common Services Platform Collector Cross-Site Scripting Vulnerabilities | EPSS 0.7%
CVE-2022-20928 | MEDIUM | A vulnerability in the authentication and authorization flows for VPN connections in Cisco Adaptive Security Appliance (ASA) Software and Fi | EPSS 0.7%
CVE-2024-20459 | MEDIUM | Cisco ATA 190 Series Analog Telephone Adapter Muliplatform Firmware Command Injection Vulnerability | EPSS 0.7%
CVE-2020-3199 | HIGH | Cisco IOx Application Environment for IOS Software for Cisco Industrial Routers Vulnerabilities | EPSS 0.7%
CVE-2022-20952 | MEDIUM | A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance, formerly known as Cisco Web Security Appli | EPSS 0.7%
CVE-2023-20057 | NONE | A vulnerability in the URL filtering mechanism of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthentic | EPSS 0.7%
CVE-2023-20081 | MEDIUM | Cisco Adaptive Security Appliance Software, Firepower Threat Defense Software, IOS Software, and IOS XE Software IPv6 DHCP (DHCPv6) Client Denial of Service Vulnerability | EPSS 0.7%
CVE-2021-1477 | MEDIUM | Cisco Firepower Management Center Software Policy Vulnerability | EPSS 0.7%
CVE-2019-1709 | MEDIUM | Cisco Firepower Threat Defense Software Command Injection Vulnerability | EPSS 0.7%
CVE-2020-3485 | MEDIUM | Cisco Vision Dynamic Signage Director Role-Based Access Control Vulnerability | EPSS 0.7%
CVE-2023-20042 | MEDIUM | A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FT | EPSS 0.7%
CVE-2020-3329 | MEDIUM | Cisco IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Role-Based Access Control Vulnerability | EPSS 0.7%
CVE-2023-20007 | MEDIUM | A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers | EPSS 0.7%