# Vulnerabilidades - 2020 Ano da pandemia trouxe exploração massiva de infraestrutura de acesso remoto. **Zerologon** (CVE-2020-1472) comprometeu domínios Active Directory inteiros. SolarWinds Orion (CVE-2020-10148) foi vetor do maior ataque de supply chain da década. Oracle WebLogic e F5 BIG-IP também foram alvos de exploração ativa. --- ## CVEs Documentados %% ```dataview TABLE WITHOUT ID cve-id AS "CVE", cvss-score AS "CVSS", vendor AS "Fornecedor", product AS "Produto" FROM "vulnerabilities/2020" SORT cvss-score DESC ``` %% <!-- QueryToSerialize: TABLE WITHOUT ID link(file.link, cve-id) AS "CVE", cvss-score AS "CVSS", vendor AS "Fornecedor", product AS "Produto" FROM "vulnerabilities/2020" SORT cvss-score DESC --> <!-- SerializedQuery: TABLE WITHOUT ID link(file.link, cve-id) AS "CVE", cvss-score AS "CVSS", vendor AS "Fornecedor", product AS "Produto" FROM "vulnerabilities/2020" SORT cvss-score DESC --> | CVE | CVSS | Fornecedor | Produto | | ---------------------------------------------------------- | ---- | --------------- | ------------------------------------------------------------------------------ | | [[cve-2020-1472\|CVE-2020-1472]] | 10 | Microsoft | Windows Netlogon Remote Protocol | | [[cve-2020-5902\|CVE-2020-5902]] | 10 | F5 | F5 BIG-IP (TMUI / Traffic Management User Interface) | | [[cve-2020-10148\|CVE-2020-10148]] | 9.8 | SolarWinds | Orion Platform | | [[cve-2020-12812\|CVE-2020-12812]] | 9.8 | Fortinet | FortiOS SSL VPN | | [[cve-2020-14750\|CVE-2020-14750]] | 9.8 | Oracle | Oracle WebLogic Server | | [[cve-2020-14882\|CVE-2020-14882]] | 9.8 | Oracle | WebLogic Server | | [[cve-2020-7796\|CVE-2020-7796]] | 9.8 | Synacor | Zimbra Collaboration Suite | | [[cve-2020-9054\|CVE-2020-9054]] | 9.8 | Zyxel | Zyxel NAS326, NAS520, NAS540, NAS542 | | [[cve-2020-0688\|CVE-2020-0688]] | 8.8 | Microsoft | Microsoft Exchange Server | | [[cve-2020-10383\|CVE-2020-10383]] | 8.8 | MB Connect Line | mbCONNECT24 / mymbCONNECT24 | | [[cve-2020-3259\|CVE-2020-3259]] | 7.5 | Cisco | Cisco ASA (Adaptive Security Appliance) e Cisco FTD (Firepower Threat Defense) | | [[cve-2020-8243\|CVE-2020-8243]] | 7.2 | Pulse Secure | Pulse Connect Secure (VPN) | | [[cve-2020-8260\|CVE-2020-8260]] | 7.2 | Pulse Secure | Pulse Connect Secure (VPN) | | [[cve-2020-35730\|CVE-2020-35730]] | 6.1 | Roundcube | Roundcube Webmail | | [[vulnerabilities/2020/_2020.md\|_2020]] | \- | \- | \- | <!-- SerializedQuery END -->