Cisco Vulnerabilities

3206 results
Vexday Analysis

With 3,204 CVEs catalogued and 53 confirmed as actively exploited in the CISA KEV, the exploitation rate for Cisco products is 3.7 times the overall catalogue average, which indicates significantly elevated operational risk for organizations that depend on these technologies. There are also 199 critical-severity vulnerabilities and 77 with a publicly available proof of concept, which widens the attack surface that can be exploited without advanced offensive capability. The most frequent flaw type is CWE-20 (improper input validation), a vulnerability class often found in network components and one that tends to have broad impact when exploited. The most dangerous CVE under active exploitation at this time is CVE-2021-1498, with a maximum EPSS of 1.0 (indicating an extremely high probability of exploitation), and it should be treated as an immediate priority in any patch management process.

CVE-2019-12643 [CRITICAL] Cisco REST API Container for IOS XE Software Authentication Bypass Vulnerability (EPSS 5.3%)
CVE-2026-20128 [HIGH] Cisco Catalyst SD-WAN Manager Information Disclosure Vulnerability (EPSS 5.3%, KEV)
CVE-2022-20706 [CRITICAL] Cisco Small Business RV Series Routers Vulnerabilities (EPSS 5.2%)
CVE-2009-2631 Clientless SSL VPN products break web browser domain-based security models (EPSS 5.1%)
CVE-2020-3119 [HIGH] Cisco NX-OS Software Cisco Discovery Protocol Remote Code Execution Vulnerability (EPSS 5.1%)
CVE-2020-3327 [HIGH] ClamAV ARJ Archive Parsing Denial of Service Vulnerability (EPSS 5.1%)
CVE-2020-3218 [HIGH] Cisco IOS XE Software Web UI Remote Code Execution Vulnerability (EPSS 4.9%)
CVE-2019-1651 [CRITICAL] Cisco SD-WAN Solution Buffer Overflow Vulnerability (EPSS 4.9%)
CVE-2019-1939 [HIGH] Cisco Webex Teams Logging Feature Command Execution Vulnerability (EPSS 4.7%)
CVE-2020-3258 [CRITICAL] Cisco IOS Software for Cisco Industrial Routers Arbitrary Code Execution Vulnerabilities (EPSS 4.6%)
CVE-2019-1845 [HIGH] Cisco Unified Communications Manager IM&P Service, Cisco TelePresence VCS, and Cisco Expressway Series Denial of Service Vulnerability (EPSS 4.6%)
CVE-2018-0420 [MEDIUM] Cisco Wireless LAN Controller Software Directory Traversal Vulnerability (EPSS 4.6%)
CVE-2021-40113 [CRITICAL] Cisco Catalyst PON Series Switches Optical Network Terminal Vulnerabilities (EPSS 4.6%)
CVE-2022-20711 [CRITICAL] Cisco Small Business RV Series Routers Vulnerabilities (EPSS 4.6%)
CVE-2020-3470 [CRITICAL] Cisco Integrated Management Controller Multiple Remote Code Execution Vulnerabilities (EPSS 4.6%)
CVE-2019-1938 [CRITICAL] Cisco UCS Director and Cisco UCS Director Express for Big Data API Authentication Bypass Vulnerability (EPSS 4.6%)
CVE-2019-1974 [CRITICAL] Cisco IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Authentication Bypass Vulnerability (EPSS 4.5%)
CVE-2018-0378 [HIGH] Cisco NX-OS Software for Nexus 5500, 5600, and 6000 Series Switches Precision Time Protocol Denial of Service Vulnerability (EPSS 4.5%)
CVE-2019-1897 [MEDIUM] Cisco RV110W, RV130W, and RV215W Routers Denial of Service Vulnerability (EPSS 4.5%)
CVE-2020-3198 [CRITICAL] Cisco IOS Software for Cisco Industrial Routers Arbitrary Code Execution Vulnerabilities (EPSS 4.5%)