Cisco Vulnerabilities

3,206 results
Vexday Analysis

With 3,204 CVEs catalogued and 53 confirmed as actively exploited by CISA KEV, the exploitation rate of Cisco products is 3.7 times above the catalogue's overall average, which indicates significantly elevated operational risk for organizations that depend on these technologies. There are also 199 critical-severity vulnerabilities and 77 with a publicly available proof of concept, widening the exploitable attack surface without requiring advanced offensive capability. The most recurrent flaw type is CWE-20 (improper input validation), a vulnerability class frequently present in network components and one that tends to produce broad impact when exploited. The most dangerous CVE under active exploitation at this time is CVE-2021-1498, with a maximum EPSS of 1.0 (indicating an extremely high probability of exploitation), and it should be treated as an immediate priority in any patch management process.

CVE-2020-3228 [MEDIUM] Cisco IOS, IOS XE, and NX-OS Software Security Group Tag Exchange Protocol Denial of Service Vulnerability (EPSS 1.8%)
CVE-2018-0458 Cisco Prime Collaboration Assurance Cross-Site Scripting Vulnerability (EPSS 1.8%)
CVE-2020-3338 [HIGH] Cisco NX-OS Software IPv6 Protocol Independent Multicast Denial of Service Vulnerability (EPSS 1.8%)
CVE-2019-1662 [HIGH] Cisco Prime Collaboration Assurance Software Unauthenticated Access Vulnerability (EPSS 1.8%)
CVE-2020-3141 [HIGH] Cisco IOS XE Software Privilege Escalation Vulnerabilities (EPSS 1.8%)
CVE-2021-1580 [MEDIUM] Cisco Application Policy Infrastructure Controller Command Injection and File Upload Vulnerabilities (EPSS 1.8%)
CVE-2019-12663 [MEDIUM] Cisco IOS XE Software TrustSec Protected Access Credential Provisioning Denial of Service Vulnerability (EPSS 1.8%)
CVE-2019-1876 [MEDIUM] Cisco Wide Area Application Services Software HTTPS Proxy Authentication Bypass Vulnerability (EPSS 1.8%)
CVE-2019-1887 [HIGH] Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability (EPSS 1.8%)
CVE-2019-1891 [HIGH] Cisco Small Business Series Switches HTTP Denial of Service Vulnerability (EPSS 1.8%)
CVE-2019-1892 [HIGH] Cisco Small Business Series Switches Memory Corruption Vulnerability (EPSS 1.8%)
CVE-2019-12673 [HIGH] Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software FTP Inspection Denial of Service Vulnerability (EPSS 1.8%)
CVE-2019-1817 [HIGH] Cisco Web Security Appliance Malformed Request Denial of Service Vulnerability (EPSS 1.8%)
CVE-2019-1968 [MEDIUM] Cisco NX-OS Software NX-API Denial of Service Vulnerability (EPSS 1.8%)
CVE-2020-3309 [MEDIUM] Cisco Firepower Device Manager On-Box Software Arbitrary File Overwrite Vulnerability (EPSS 1.8%)
CVE-2021-1506 [CRITICAL] Cisco SD-WAN vManage Software Vulnerabilities (EPSS 1.8%)
CVE-2020-3302 [MEDIUM] Cisco Firepower Management Center File Overwrite Vulnerability (EPSS 1.7%)
CVE-2019-15288 [HIGH] Cisco TelePresence Collaboration Endpoint, TelePresence Codec, and RoomOS Software Privilege Escalation Vulnerability (EPSS 1.7%)
CVE-2021-34795 [CRITICAL] Cisco Catalyst PON Series Switches Optical Network Terminal Vulnerabilities (EPSS 1.7%)
CVE-2020-3419 [MEDIUM] Cisco Webex Meetings and Cisco Webex Meetings Server Ghost Join Vulnerability (EPSS 1.7%)