Cisco Vulnerabilities

3,214 results
Vexday Analysis

With 3,204 CVEs catalogued and 53 confirmed as actively exploited in the CISA KEV, the exploitation rate of Cisco products is 3.7 times above the overall catalogue average, which indicates significantly elevated operational risk for organizations that depend on these technologies. There are also 199 critical-severity vulnerabilities and 77 with a publicly available proof of concept, widening the exploitable attack surface without requiring advanced offensive capability. The most recurrent flaw type is CWE-20 (improper input validation), a vulnerability class frequently present in network components that tends to produce broad impact when exploited. The most dangerous CVE under active exploitation at this time is CVE-2021-1498, with a maximum EPSS of 1.0, indicating an extremely high probability of exploitation, and it should be treated as an immediate priority in any patch management process.

CVE-2020-3519 | MEDIUM | Cisco Data Center Network Manager Path Traversal Vulnerability | EPSS 1.0%
CVE-2020-3307 | MEDIUM | Cisco Firepower Management Center Arbitrary Log File Write Vulnerability | EPSS 1.0%
CVE-2021-34754 | MEDIUM | Cisco Firepower Threat Defense Software Ethernet Industrial Protocol Policy Bypass Vulnerabilities | EPSS 1.0%
CVE-2021-34696 | MEDIUM | Cisco ASR 900 and ASR 920 Series Aggregation Services Routers Access Control List Bypass Vulnerability | EPSS 1.0%
CVE-2018-15437 | MEDIUM | Cisco Immunet and Cisco AMP for Endpoints System Scan Denial of Service Vulnerability | EPSS 1.0%
CVE-2023-20045 | MEDIUM | A vulnerability in the web-based management interface of Cisco Small Business RV160 and RV260 Series VPN Routers could allow an authenticate | EPSS 1.0%
CVE-2021-34774 | MEDIUM | Cisco Common Services Platform Collector Information Disclosure Vulnerability | EPSS 1.0%
CVE-2020-26079 | MEDIUM | Cisco IoT Field Network Director Unprotected Storage of Credentials Vulnerability | EPSS 1.0%
CVE-2022-20736 | MEDIUM | Cisco AppDynamics Controller Authorization Bypass Vulnerability | EPSS 1.0%
CVE-2022-20764 | MEDIUM | Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities | EPSS 1.0%
CVE-2023-20124 | MEDIUM | Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Remote Command Execution Vulnerability | EPSS 1.0%
CVE-2020-3318 | HIGH | Cisco Firepower Management Center Static Credential Vulnerabilities | EPSS 1.0%
CVE-2022-20846 | MEDIUM | Cisco IOS XR Software Cisco Discovery Protocol Buffer Overflow Vulnerability | EPSS 1.0%
CVE-2021-1417 | CRITICAL | Cisco Jabber Desktop and Mobile Client Software Vulnerabilities | EPSS 1.0%
CVE-2020-3317 | MEDIUM | Cisco Firepower Threat Defense Software SSL Input Validation Denial of Service Vulnerability | EPSS 1.0%
CVE-2020-3506 | HIGH | Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Remote Code Execution and Denial of Service Vulnerabilities | EPSS 1.0%
CVE-2021-40128 | MEDIUM | Cisco Webex Meetings Email Content Injection Vulnerability | EPSS 1.0%
CVE-2022-20664 | HIGH | Cisco Email Security Appliance and Cisco Secure Email and Web Manager Information Disclosure Vulnerability | EPSS 1.0%
CVE-2022-20913 | MEDIUM | Cisco Nexus Dashboard Arbitrary File Write Vulnerability | EPSS 1.0%
CVE-2022-20962 | LOW | A vulnerability in the Localdisk Management feature of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to | EPSS 1.0%