Vulnerabilidades em Cisco

3.214 resultados
Análise Vexday

Com 3.204 CVEs catalogadas e 53 confirmadas em exploração ativa pelo CISA KEV, a taxa de exploração dos produtos Cisco está 3,7 vezes acima da média geral do catálogo, o que indica risco operacional significativamente elevado para organizações que dependem dessas tecnologias. Há ainda 199 vulnerabilidades de severidade crítica e 77 com prova de conceito pública disponível, ampliando a superfície de ataque explorável sem necessidade de capacidade ofensiva avançada. O tipo de falha mais recorrente é CWE-20 (validação de entrada inadequada), uma classe de vulnerabilidade frequentemente presente em componentes de rede e que tende a produzir impacto amplo quando explorada. A CVE mais perigosa em exploração ativa neste momento é CVE-2021-1498, com EPSS máximo de 1,0 — indicando probabilidade de exploração extremamente alta —, e deve ser tratada como prioridade imediata em qualquer processo de gestão de patches.

CVE-2026-20178MEDIUMA vulnerability in the browser-based version of Cisco Webex App could have allowed an unauthenticated, remote attacker to redirect users to EPSS 0.2%CVE-2026-20060MEDIUMCisco Unity Connection Open Redirect VulnerabilityEPSS 0.2%CVE-2022-20732HIGHCisco Virtualized Infrastructure Manager Privilege Escalation VulnerabilityEPSS 0.2%CVE-2023-20121MEDIUMCisco Evolved Programmable Network Manager, Cisco Identity Services Engine, and Cisco Prime Infrastructure Command Injection VulnerabilitiesEPSS 0.2%CVE-2024-20430HIGHCisco Meraki Systems Manager Agent for Windows Privilege Escalation VulnerabilityEPSS 0.2%CVE-2023-20122MEDIUMCisco Evolved Programmable Network Manager, Cisco Identity Services Engine, and Cisco Prime Infrastructure Command Injection VulnerabilitiesEPSS 0.2%CVE-2025-20191HIGHMultiple Cisco Products Denial of Service VulnerabilityEPSS 0.2%CVE-2023-20039MEDIUMCisco Industrial Network Director File PermissionsEPSS 0.2%CVE-2024-20485MEDIUMA vulnerability in the VPN web server of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software EPSS 0.2%CVE-2019-1586MEDIUMCisco Application Policy Infrastructure Controller Recoverable Encryption Key VulnerabilityEPSS 0.2%CVE-2024-20366HIGHA vulnerability in the Tail-f High Availability Cluster Communications (HCC) function pack of Cisco Crosswork Network Services Orchestrator EPSS 0.2%CVE-2023-20241MEDIUMMultiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local atEPSS 0.2%CVE-2025-20328MEDIUMA vulnerability in the user profile component of Cisco Webex Meetings could have allowed an authenticated, remote attacker with low privilegEPSS 0.2%CVE-2023-20240MEDIUMMultiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local atEPSS 0.2%CVE-2025-20356MEDIUMCisco CyberVision Center Sensor Explorer Stored Cross-Site Scripting VulnerabilityEPSS 0.2%CVE-2025-20357MEDIUMCisco CyberVision Center Reports Stored Cross-Site Scripting VulnerabilityEPSS 0.2%CVE-2025-20289MEDIUMMultiple vulnerabilities in the web-based management interface of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker EPSS 0.2%CVE-2025-20195MEDIUMA vulnerability in the web-based management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a EPSS 0.2%CVE-2025-20353MEDIUMCisco Catalyst Center Cross-Site Scripting VulnerabilityEPSS 0.2%CVE-2022-20850MEDIUMCisco SD-WAN Arbitrary File Deletion VulnerabilityEPSS 0.2%