Vulnerabilidades em Cisco

3.214 resultados
Análise Vexday

Com 3.204 CVEs catalogadas e 53 confirmadas em exploração ativa pelo CISA KEV, a taxa de exploração dos produtos Cisco está 3,7 vezes acima da média geral do catálogo, o que indica risco operacional significativamente elevado para organizações que dependem dessas tecnologias. Há ainda 199 vulnerabilidades de severidade crítica e 77 com prova de conceito pública disponível, ampliando a superfície de ataque explorável sem necessidade de capacidade ofensiva avançada. O tipo de falha mais recorrente é CWE-20 (validação de entrada inadequada), uma classe de vulnerabilidade frequentemente presente em componentes de rede e que tende a produzir impacto amplo quando explorada. A CVE mais perigosa em exploração ativa neste momento é CVE-2021-1498, com EPSS máximo de 1,0 — indicando probabilidade de exploração extremamente alta —, e deve ser tratada como prioridade imediata em qualquer processo de gestão de patches.

CVE-2025-20313MEDIUMMultiple vulnerabilities in Cisco IOS XE Software of could allow an authenticated, local attacker with level-15 privileges or an unauthenticEPSS 0.2%CVE-2021-34758MEDIUMCisco TelePresence Collaboration Endpoint and RoomOS Software Denial of Service VulnerabilityEPSS 0.2%CVE-2026-20175MEDIUMCisco Finesse File Inclusion VulnerabilityEPSS 0.2%CVE-2026-20123MEDIUMCisco Prime Infrastructure and Evolved Programmable Network Manager Open Redirect VulnerabilityEPSS 0.2%CVE-2026-20004HIGHA vulnerability in the TLS library of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust the available memorEPSS 0.2%CVE-2025-20295MEDIUMCisco UCS Manager Software Command Injection VulnerabilityEPSS 0.2%CVE-2021-1567HIGHCisco AnyConnect Secure Mobility Client for Windows with VPN Posture (HostScan) Module DLL Hijacking VulnerabilityEPSS 0.2%CVE-2024-20389HIGHA vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, loEPSS 0.2%CVE-2022-20805MEDIUMCisco Umbrella Secure Web Gateway File Decryption Bypass VulnerabilityEPSS 0.2%CVE-2026-20111MEDIUMCisco Prime Infrastructure Stored Cross-Site Scripting VulnerabilityEPSS 0.2%CVE-2023-20260MEDIUMA vulnerability in the application CLI of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager could allow an authenticEPSS 0.2%CVE-2022-20845MEDIUMCisco Network Convergence System 4000 Series TL1 Denial of Service VulnerabilityEPSS 0.2%CVE-2019-1667MEDIUMCisco HyperFlex Arbitrary Statistics Write VulnerabilityEPSS 0.2%CVE-2025-20308MEDIUMCisco Spaces Connector Privilege Escalation VulnerabilityEPSS 0.2%CVE-2026-20055MEDIUMCisco Packaged Contact Center Enterprise & Cisco Unified Contact Center Enterprise Cross-Site Scripting VulnerabilityEPSS 0.2%CVE-2026-20132MEDIUMCisco Identity Services Engine Multiple Cross-Site Scripting VulnerabilitiesEPSS 0.2%CVE-2026-20109MEDIUMCisco Packaged Contact Center Enterprise and Cisco Unified Contact Center Enterprise Cross-Site Scripting VulnerabilityEPSS 0.2%CVE-2025-20117MEDIUMCisco Application Policy Infrastructure Controller Authenticated Command Injection VulnerabilityEPSS 0.2%CVE-2026-20017MEDIUMCisco Secure FTD Software Authenticated Command Injection VulnerabilityEPSS 0.2%CVE-2023-20084MEDIUMA vulnerability in the endpoint software of Cisco Secure Endpoint for Windows could allow an authenticated, local attacker to evade endpointEPSS 0.2%