Vulnerabilities in Cisco

3,214 results
Vexday Analysis

With 3,204 CVEs catalogued and 53 confirmed as actively exploited by the CISA KEV, the exploitation rate of Cisco products is 3.7 times above the overall catalogue average, which indicates significantly elevated operational risk for organizations that depend on these technologies. There are also 199 critical-severity vulnerabilities and 77 with a public proof of concept available, widening the exploitable attack surface without requiring advanced offensive capability. The most recurrent flaw type is CWE-20 (improper input validation), a class of vulnerability frequently present in network components that tends to produce broad impact when exploited. The most dangerous CVE under active exploitation at this time is CVE-2021-1498, with a maximum EPSS of 1.0, indicating an extremely high probability of exploitation, and it should be treated as an immediate priority in any patch management process.

CVE | Severity | Title | EPSS
CVE-2022-20874 | MEDIUM | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities | 1.1%
CVE-2020-3542 | MEDIUM | Cisco Webex Training Unauthorized Meeting Join Vulnerability | 1.1%
CVE-2018-15455 | MEDIUM | Cisco Identity Services Engine Logging Cross-Site Scripting Vulnerability | 1.1%
CVE-2019-1878 | HIGH | Cisco TelePresence Endpoint Command Shell Injection Vulnerability | 1.1%
CVE-2022-20697 | HIGH | Cisco IOS and IOS XE Software Web Services Denial of Service Vulnerability | 1.1%
CVE-2020-3242 | MEDIUM | Cisco UCS Director Information Disclosure Vulnerability | 1.1%
CVE-2019-12711 | MEDIUM | Cisco Unified Communications Manager XML External Expansion Vulnerability | 1.1%
CVE-2020-3546 | MEDIUM | Cisco Email Security Appliance Information Disclosure Vulnerability | 1.1%
CVE-2023-20220 | HIGH | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authentica | 1.1%
CVE-2022-20859 | MEDIUM | Cisco Unified Communications Products Access Control Vulnerability | 1.1%
CVE-2019-16029 | HIGH | Cisco Smart Software Manager On-Prem Web Interface Denial of Service Vulnerability | 1.1%
CVE-2019-1901 | HIGH | Cisco Nexus 9000 Series ACI Mode Switch Software Link Layer Discovery Protocol Buffer Overflow Vulnerability | 1.1%
CVE-2021-1494 | MEDIUM | Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker t | 1.1%
CVE-2022-20692 | HIGH | Cisco IOS XE Software NETCONF Over SSH Denial of Service Vulnerability | 1.1%
CVE-2019-1706 | HIGH | Cisco Adaptive Security Appliance Software IPsec Denial of Service Vulnerability | 1.1%
CVE-2019-1954 | MEDIUM | Cisco Webex Meetings Server Open Redirection Vulnerability | 1.1%
CVE-2018-15404 | | Cisco Integrated Management Controller Supervisor and Cisco UCS Director System Resources Denial of Service Vulnerability | 1.1%
CVE-2019-1856 | MEDIUM | Cisco Prime Collaboration Assurance Cross-Site Scripting Vulnerability | 1.1%
CVE-2022-20680 | MEDIUM | Cisco Prime Service Catalog Information Disclosure Vulnerability | 1.1%
CVE-2020-3121 | MEDIUM | Cisco Small Business Smart and Managed Switches Cross-Site Scripting Vulnerability | 1.1%