Cisco Vulnerabilities

3,214 results
Vexday Analysis

With 3,204 CVEs catalogued and 53 confirmed as actively exploited by CISA KEV, the exploitation rate for Cisco products is 3.7 times the overall catalogue average, which indicates significantly elevated operational risk for organizations that depend on these technologies. There are also 199 critical-severity vulnerabilities and 77 with a publicly available proof of concept, widening the attack surface that can be exploited without advanced offensive capability. The most recurrent flaw type is CWE-20 (improper input validation), a vulnerability class frequently present in network components and one that tends to produce broad impact when exploited. The most dangerous CVE under active exploitation at this time is CVE-2021-1498, with a maximum EPSS of 1.0 (indicating an extremely high probability of exploitation), and it should be treated as an immediate priority in any patch management process.

CVE-2022-20765 | MEDIUM | Cisco UCS Director JavaScript Cross-Site Scripting Vulnerability | EPSS 0.5%
CVE-2022-20869 | MEDIUM | Cisco BroadWorks Application Delivery Platform Software Cross-Site Scripting Vulnerability | EPSS 0.5%
CVE-2020-3135 | MEDIUM | Cisco Unified Communications Manager Cross-Site Request Forgery Vulnerability | EPSS 0.5%
CVE-2023-20194 | MEDIUM | A vulnerability in the ERS API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operatin | EPSS 0.5%
CVE-2020-3409 | HIGH | Cisco IOS and IOS XE Software PROFINET Denial of Service Vulnerability | EPSS 0.5%
CVE-2020-3220 | MEDIUM | Cisco IOS XE Software IPsec VPN Denial of Service Vulnerability | EPSS 0.5%
CVE-2023-20261 | MEDIUM | A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to retrieve arbitrary files fro | EPSS 0.5%
CVE-2023-20177 | MEDIUM | A vulnerability in the SSL file policy implementation of Cisco Firepower Threat Defense (FTD) Software that occurs when the SSL/TLS connecti | EPSS 0.5%
CVE-2021-1496 | HIGH | Cisco AnyConnect Secure Mobility Client for Windows DLL and Executable Hijacking Vulnerabilities | EPSS 0.5%
CVE-2024-20493 | MEDIUM | A vulnerability in the login authentication functionality of the Remote Access SSL VPN feature of Cisco Adaptive Security Appliance (ASA) So | EPSS 0.5%
CVE-2020-3385 | HIGH | Cisco SD-WAN vEdge Routers Denial of Service Vulnerability | EPSS 0.5%
CVE-2024-20529 | MEDIUM | Cisco Identity Services Engine Arbitrary File Read and Delete Vulnerability | EPSS 0.5%
CVE-2024-20527 | MEDIUM | Cisco Identity Services Engine Arbitrary File Read and Delete Vulnerability | EPSS 0.5%
CVE-2023-20062 | MEDIUM | Cisco Unified Intelligence Center Vulnerabilities | EPSS 0.5%
CVE-2019-1918 | HIGH | Cisco IOS XR Software Intermediate System–to–Intermediate System Denial of Service Vulnerability | EPSS 0.5%
CVE-2024-20402 | HIGH | A vulnerability in the SSL VPN feature for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Softwar | EPSS 0.5%
CVE-2018-0381 | MEDIUM | Cisco Aironet 1560, 1800, 2800, and 3800 Series Access Points Denial of Service Vulnerability | EPSS 0.5%
CVE-2022-20938 | MEDIUM | A vulnerability in the module import function of the administrative interface of Cisco Firepower Management Center (FMC) Software could allo | EPSS 0.5%
CVE-2021-1425 | MEDIUM | Cisco Email Security Appliance and Content Security Management Appliance Information Disclosure Vulnerability | EPSS 0.5%
CVE-2024-20502 | MEDIUM | A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an un | EPSS 0.5%