Cisco Vulnerabilities

3,214 results
Vexday Analysis

With 3,204 CVEs catalogued and 53 confirmed as actively exploited in the CISA KEV, the exploitation rate for Cisco products is 3.7 times above the overall average for the catalogue, which indicates significantly elevated operational risk for organizations that depend on these technologies. There are also 199 critical-severity vulnerabilities and 77 with a public proof of concept available, which widens the exploitable attack surface without requiring advanced offensive capability. The most recurrent flaw type is CWE-20 (improper input validation), a vulnerability class frequently present in network components and one that tends to produce broad impact when exploited. The most dangerous CVE under active exploitation at this time is CVE-2021-1498, with a maximum EPSS of 1.0, indicating an extremely high probability of exploitation, and it should be treated as an immediate priority in any patch management process.

CVE-2021-34766 | MEDIUM | Cisco Smart Software Manager Privilege Escalation Vulnerability | EPSS 0.9%
CVE-2024-20424 | CRITICAL | A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Manageme | EPSS 0.9%
CVE-2021-1418 | CRITICAL | Cisco Jabber Desktop and Mobile Client Software Vulnerabilities | EPSS 0.9%
CVE-2021-1286 | MEDIUM | Cisco Data Center Network Manager Vulnerabilities | EPSS 0.9%
CVE-2021-34772 | MEDIUM | Cisco Orbital Open Redirect Vulnerability | EPSS 0.9%
CVE-2019-15963 | MEDIUM | Cisco Unified Communications Manager Information Disclosure Vulnerability | EPSS 0.9%
CVE-2022-20688 | MEDIUM | A vulnerability in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unaut | EPSS 0.9%
CVE-2020-3598 | MEDIUM | Cisco Vision Dynamic Signage Director Missing Authentication Vulnerability | EPSS 0.9%
CVE-2019-16017 | MEDIUM | Cisco Unified Customer Voice Portal Insecure Direct Object Reference Vulnerability | EPSS 0.9%
CVE-2023-20108 | HIGH | A vulnerability in the XCP Authentication Service of the Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P | EPSS 0.9%
CVE-2018-15445 | MEDIUM | Cisco Energy Management Suite Cross-Site Request Forgery Vulnerability | EPSS 0.9%
CVE-2020-3372 | MEDIUM | Cisco SD-WAN vManage Software Denial of Service Vulnerability | EPSS 0.9%
CVE-2020-3549 | HIGH | Cisco Firepower Management Center Software and Firepower Threat Defense Software sftunnel Pass the Hash Vulnerability | EPSS 0.9%
CVE-2026-20095 | MEDIUM | Cisco Integrated Management Controller Command Injection Vulnerability | EPSS 0.9%
CVE-2020-3117 | MEDIUM | Cisco Web Security Appliance and Cisco Content Security Management Appliance HTTP Header Injection Vulnerability | EPSS 0.9%
CVE-2022-20686 | MEDIUM | Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware | EPSS 0.9%
CVE-2019-1719 | MEDIUM | Cisco Identity Services Engine Cross-Site Scripting Vulnerability | EPSS 0.9%
CVE-2022-20687 | MEDIUM | Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware | EPSS 0.9%
CVE-2020-3565 | MEDIUM | Cisco Firepower Threat Defense Software TCP Intercept Bypass Vulnerability | EPSS 0.9%
CVE-2024-20267 | HIGH | A vulnerability with the handling of MPLS traffic for Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the nets | EPSS 0.9%