Open CVEs: 16
Exploited: 0
KEV: 0
Unpatched: 16
No Workaround: 11
Internet-facing: 13
Why this provider is risky now
This provider has 16 open CVEs in the last 14 days. 16 have no vendor patch. 13 affect internet-facing services. 1 impacts the management/identity plane.
16 Unpatched
1 Mgmt / Admin Plane
1 Public PoC
11 No Workaround
13 Internet-facing
Top Risky CVEs
Remote code execution in Cisco Smart Software Manager On-Prem allows unauthenticated attackers to execute arbitrary commands with root privileges via an exposed internal service API. The vulnerability stems from unintentional exposure of an internal service that accepts crafted API requests, enabling full system compromise. With a CVSS score of 9.8 and a network-accessible attack vector requiring no authentication or user interaction, this is a critical security exposure for organizations using SSM On-Prem for Cisco software license management, though no public exploit was identified at the time of analysis.
- Within 24 hours: Identify all Cisco SSM On-Prem instances in your environment and isolate from untrusted networks; document current versions.
- Within 7 days: Implement network segmentation restricting SSM On-Prem API access to authorized administrator networks only; enable comprehensive logging and monitoring of all API requests; review access logs for suspicious activity.
- Within 30 days: Monitor Cisco security advisories for patch release and apply immediately upon availability; contact Cisco support for workaround guidance specific to your deployment; evaluate temporary migration of license management functions to alternative systems if available.
ICT dependency
No patch available
Why flagged?
NIS2 Relevant
- CRITICAL severity
- Third-party ICT: Cisco
- No patch available
- Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
- CRITICAL severity
- ICT provider: Cisco (Network & Security)
- No remediation available
CVSS: 9.8 | EPSS: 0.2% | Priority: 49
Authentication bypass in Cisco Integrated Management Controller (IMC) allows unauthenticated remote attackers to gain administrative access by exploiting improper handling of password change requests. Affected products include Cisco Enterprise NFV Infrastructure Software, Unified Computing System (Standalone), and UCS E-Series Software. The attacker can alter any user's password, including Admin accounts, and take full control of the management interface. CVSS 9.8 (Critical), with a network-accessible attack vector requiring no privileges or user interaction. No public exploit was identified at the time of analysis, though EPSS data was not available for a comprehensive risk assessment.
- Within 24 hours: Identify and inventory all Cisco IMC instances (Enterprise NFV Infrastructure, UCS Standalone, UCS E-Series) in your environment and isolate affected devices from untrusted networks; restrict management access to administrative networks only via firewall rules.
- Within 7 days: Contact Cisco support for patch availability and timeline, as no vendor-released patch is currently identified; implement network segmentation restricting management traffic to jump hosts with multi-factor authentication.
- Within 30 days: Apply vendor-released patch immediately upon availability; conduct password audit of all affected IMC administrative accounts and force reset of all credentials post-remediation.
Edge exposure
ICT dependency
No patch available
PoC
Why flagged?
NIS2 Relevant
- CRITICAL severity
- Internet-facing (CWE-20: Improper Input Validation)
- Third-party ICT: Cisco
- Proof of concept available
- No patch available
- Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
- CRITICAL severity
- ICT provider: Cisco (Network & Security)
- No remediation available
CVSS: 9.8 | EPSS: 0.0% | Priority: 49
Command injection in the Cisco Integrated Management Controller (IMC) web interface allows authenticated attackers with read-only privileges to execute arbitrary commands as root. The CVSS:3.1 vector (AV:N/AC:L/PR:L/UI:N) confirms network-accessible exploitation requiring only low-privilege authentication, with no public exploit identified at the time of analysis. EPSS data was not provided; the CVE-2026 prefix suggests future disclosure.
- Within 24 hours: Inventory all Cisco IMC instances in production and identify current firmware versions; restrict network access to IMC web interfaces to administrative jump hosts only.
- Within 7 days: Disable or isolate IMC instances not in active use; implement network segmentation to limit lateral movement from compromised IMC systems.
- Within 30 days: Monitor Cisco security advisories for patch availability and test in non-production environment immediately upon release; plan emergency patching schedule with change management.
Edge exposure
ICT dependency
No patch available
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing (CWE-77: Command Injection)
- Third-party ICT: Cisco
- No patch available
- Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
- HIGH severity
- ICT provider: Cisco (Network & Security)
- No remediation available
CVSS: 8.8 | EPSS: 0.3% | Priority: 44
Improper authorization in Cisco EPNM's REST API allows authenticated low-privilege attackers to access active user session data, including administrative credentials, enabling full device compromise. The vulnerability (CWE-862: Missing Authorization) affects the web management interface and has a CVSS severity of 8.0. Authentication is required (PR:L), but exploitation complexity is low once authenticated. No public exploit was identified at the time of analysis, and EPSS data was unavailable for this 2026-dated CVE identifier.
- Within 24 hours: Identify all Cisco EPNM instances in your environment and document active user accounts with API access; rotate all administrative credentials managed through EPNM.
- Within 7 days: Restrict REST API access to high-privilege accounts only; implement network segmentation to limit EPNM management interface access to trusted administrator networks; enable audit logging for all REST API calls.
- Within 30 days: Contact Cisco for patch timeline and interim security guidance; evaluate replacing EPNM with alternative network management solutions if patch is not released; conduct access review of all EPNM user accounts to revoke unnecessary API permissions.
Edge exposure
ICT dependency
No patch available
Management plane
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing technique: authentication-bypass
- Third-party ICT: Cisco
- No patch available
- Management plane (Missing Authorization)
- Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
- HIGH severity
- ICT provider: Cisco (Network & Security)
- No remediation available
- Authentication / access control weakness
CVSS: 8.0 | EPSS: 0.1% | Priority: 40
Privilege escalation in the Cisco Smart Software Manager On-Prem (SSM On-Prem) web interface allows authenticated remote attackers with the System User role to gain administrative access by intercepting session credentials from status messages. CVSS 7.3 (High severity), with a network attack vector and low complexity, requiring low privileges plus user interaction. No public exploit code or active exploitation was confirmed at the time of analysis (EPSS data not provided).
- Within 24 hours: Inventory all Cisco SSM On-Prem deployments and identify System User accounts; restrict System User role assignments to essential personnel only and review recent access logs for suspicious activity.
- Within 7 days: Contact Cisco support for patch availability timeline and interim security guidance; implement network segmentation to limit SSM On-Prem web interface access to trusted administrative networks only.
- Within 30 days: Apply vendor patch immediately upon release; conduct full access review and reset credentials for all System User accounts as a precautionary measure.
ICT dependency
No patch available
Why flagged?
NIS2 Relevant
- HIGH severity
- Third-party ICT: Cisco
- No patch available
- Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
- HIGH severity
- ICT provider: Cisco (Network & Security)
- No remediation available
CVSS: 7.3 | EPSS: 0.0% | Priority: 37
CVSS: 6.5 | EPSS: 0.1% | Priority: 33
CVSS: 6.5 | EPSS: 0.1% | Priority: 33
CVSS: 6.5 | EPSS: 0.1% | Priority: 33
CVSS: 6.5 | EPSS: 0.0% | Priority: 33
CVSS: 6.1 | EPSS: 0.0% | Priority: 31
By Exposure
- Internet-facing: 13
- Mgmt / Admin Plane: 1
- Identity / Auth: 1
- Internal only: 3
By Exploitability
- Known exploited: 0
- Public PoC: 1
- High EPSS (>30%): 0
- Remote unauthenticated: 4
- Local only: 0
By Remediation
- Patch available: 0
- No patch: 16
- Workaround available: 5
- No workaround: 11
Affected Services / Product Families
- Cisco: 16 CVE(s)
+ 6 more