# Vulnerabilidades - 2024 Zero-days em appliances de segurança: [[cve-2024-3400|PAN-OS]] (Palo Alto), [[cve-2024-47575|FortiJump]] (Fortinet) e Ivanti Connect Secure foram alvos prioritários de APTs chineses. > [!warning] Appliance Zero-Days > Destaque do ano com maior impacto operacional para organizações brasileiras e globais. --- ## CVEs Documentados %% ```dataview TABLE WITHOUT ID cve-id AS "CVE", cvss-score AS "CVSS", vendor AS "Fornecedor", product AS "Produto" FROM "vulnerabilities/2024" SORT cvss-score DESC ``` %% <!-- QueryToSerialize: TABLE WITHOUT ID link(file.link, cve-id) AS "CVE", cvss-score AS "CVSS", vendor AS "Fornecedor", product AS "Produto" FROM "vulnerabilities/2024" SORT cvss-score DESC --> <!-- SerializedQuery: TABLE WITHOUT ID link(file.link, cve-id) AS "CVE", cvss-score AS "CVSS", vendor AS "Fornecedor", product AS "Produto" FROM "vulnerabilities/2024" SORT cvss-score DESC --> | CVE | CVSS | Fornecedor | Produto | | ---------------------------------------------------------- | ---- | -------------------- | ------------------------------------------------------------------------ | | [[cve-2024-1709\|CVE-2024-1709]] | 10 | ConnectWise | ScreenConnect | | [[cve-2024-3400\|CVE-2024-3400]] | 10 | Palo Alto Networks | PAN-OS | | [[cve-2024-45519\|CVE-2024-45519]] | 10 | Zimbra | Zimbra Collaboration Suite | | [[cve-2024-0012\|CVE-2024-0012]] | 9.8 | Palo Alto Networks | PAN-OS | | [[cve-2024-12356\|CVE-2024-12356]] | 9.8 | BeyondTrust | Privileged Remote Access (PRA) / Remote Support (RS) | | [[cve-2024-23113\|CVE-2024-23113]] | 9.8 | Fortinet | FortiOS / FortiPAM / FortiProxy / FortiWeb | | [[cve-2024-28986\|CVE-2024-28986]] | 9.8 | SolarWinds | SolarWinds Web Help Desk | | [[cve-2024-28988\|CVE-2024-28988]] | 9.8 | SolarWinds | SolarWinds Web Help Desk | | [[cve-2024-37079\|CVE-2024-37079]] | 9.8 | Broadcom | vCenter Server | | [[cve-2024-40711\|CVE-2024-40711]] | 9.8 | Veeam | Veeam Backup & Replication | | [[cve-2024-43468\|CVE-2024-43468]] | 9.8 | Microsoft | Configuration Manager (SCCM/MECM) | | [[cve-2024-47575\|CVE-2024-47575]] | 9.8 | Fortinet | FortiManager | | [[cve-2024-55591\|CVE-2024-55591]] | 9.8 | Fortinet | FortiOS / FortiProxy | | [[cve-2024-50623\|CVE-2024-50623]] | 9.8 | Cleo | Cleo Harmony / VLTrader / LexiCom | | [[cve-2024-55956\|CVE-2024-55956]] | 9.8 | Cleo | Harmony, VLTrader, LexiCom | | [[cve-2024-21762\|CVE-2024-21762]] | 9.6 | Fortinet | FortiOS SSL VPN | | [[cve-2024-40766\|CVE-2024-40766]] | 9.3 | SonicWall | SonicOS (SonicWall Firewall) | | [[cve-2024-21887\|CVE-2024-21887]] | 9.1 | Ivanti | Connect Secure / Policy Secure | | [[cve-2024-20353\|CVE-2024-20353]] | 8.6 | Cisco | Cisco Adaptive Security Appliance (ASA) / Firepower Threat Defense (FTD) | | [[cve-2024-1708\|CVE-2024-1708]] | 8.4 | ConnectWise | ScreenConnect | | [[cve-2024-22024\|CVE-2024-22024]] | 8.3 | Ivanti | Connect Secure / Policy Secure / ZTA Gateways | | [[cve-2024-21893\|CVE-2024-21893]] | 8.2 | Ivanti | Ivanti Connect Secure / Policy Secure / Neurons for ZTA | | [[cve-2024-57726\|CVE-2024-57726]] | 8.1 | SimpleHelp | SimpleHelp Remote Support | | [[cve-2024-21338\|CVE-2024-21338]] | 7.8 | Microsoft | Windows Kernel (appid.sys) | | [[cve-2024-38193\|CVE-2024-38193]] | 7.8 | Microsoft | Windows Ancillary Function Driver for WinSock (afd.sys) | | [[cve-2024-21182\|CVE-2024-21182]] | 7.5 | Oracle | \- | | [[cve-2024-24919\|CVE-2024-24919]] | 7.5 | Check Point | Check Point Security Gateway / CloudGuard Network | | [[cve-2024-38112\|CVE-2024-38112]] | 7.5 | Microsoft | Windows MSHTML Platform | | [[cve-2024-57727\|CVE-2024-57727]] | 7.5 | SimpleHelp | SimpleHelp Remote Support | | [[cve-2024-39717\|CVE-2024-39717]] | 7.2 | Versa Networks | Versa Director | | [[cve-2024-57728\|CVE-2024-57728]] | 7.2 | SimpleHelp | SimpleHelp Remote Support | | [[cve-2024-7694\|CVE-2024-7694]] | 7.2 | TeamT5 | ThreatSonar Anti-Ransomware | | [[cve-2024-9474\|CVE-2024-9474]] | 7.2 | Palo Alto Networks | PAN-OS | | [[cve-2024-30088\|CVE-2024-30088]] | 7 | Microsoft | Windows Kernel | | [[cve-2024-20399\|CVE-2024-20399]] | 6.7 | Cisco | Cisco NX-OS | | [[cve-2024-43451\|CVE-2024-43451]] | 6.5 | Microsoft | Windows (múltiplas versões) | | [[cve-2024-11182\|CVE-2024-11182]] | 6.1 | MDaemon Technologies | MDaemon Email Server | | [[cve-2024-27443\|CVE-2024-27443]] | 6.1 | Synacor | Zimbra Collaboration Suite | | [[cve-2024-20359\|CVE-2024-20359]] | 6 | Cisco | Cisco ASA / FTD | | [[vulnerabilities/2024/_2024.md\|_2024]] | \- | \- | \- | <!-- SerializedQuery END -->