112
Open CVEs
3
Exploited
3
KEV
112
Unpatched
11
No Workaround
45
Internet-facing
Why this provider is risky now
This provider has 112 open CVE(s) in the last 90 days. 3 listed in CISA KEV (known exploited). 112 have no vendor patch. 45 affect internet-facing services. 10 impact the management/identity plane.
3 KEV
3 Exploited
112 Unpatched
10 Mgmt / Admin Plane
4 Public PoC
11 No Workaround
45 Internet-facing
Top Risky CVEs
Cisco Secure Firewall Management Center (FMC) contains a critical unauthenticated Java deserialization vulnerability (CVE-2026-20131, CVSS 10.0) in its web interface that enables remote code execution as root. KEV-listed with public PoC, this vulnerability allows complete compromise of the central management platform that controls all Cisco firewalls in the organization, enabling attackers to modify security policies, disable protections, and access all network traffic.
Within 24 hours: Isolate affected FMC instances from untrusted networks and restrict management interface access to authorized IP ranges only. Within 7 days: Implement network segmentation to limit FMC exposure and conduct forensic review of access logs for exploitation attempts. Within 30 days: Deploy alternative management infrastructure or migrate to patched version immediately upon availability; monitor Cisco security advisories for patch release.
Edge exposure
ICT dependency
Active exploitation
No patch available
KEV
PoC
Why flagged?
NIS2 Relevant
- • CRITICAL severity
- • Internet-facing (CWE-502: Deserialization of Untrusted Data)
- • Third-party ICT: Cisco
- • Exploited in the wild (CISA KEV)
- • No patch available
- • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
- • CRITICAL severity
- • ICT provider: Cisco (Network & Security)
- • Known exploited vulnerability (KEV)
- • No remediation available
10.0
CVSS
0.6%
EPSS
141
Priority
Cisco Catalyst SD-WAN Controller and Manager contain a critical authentication bypass (CVE-2026-20127, CVSS 10.0) in the peering authentication mechanism that allows unauthenticated remote attackers to obtain full administrative privileges. The vulnerability exists because peering authentication does not properly validate credentials, enabling any attacker with network access to take over the SD-WAN management plane and control the entire WAN fabric.
Within 24 hours: Identify all Cisco SD-WAN Controller and Manager instances in your environment and isolate them to restricted network segments with strict access controls. Within 7 days: Implement continuous monitoring for unauthorized access attempts and administrative account changes; engage Cisco TAC for interim mitigation guidance specific to your deployment. Within 30 days: Develop and execute a migration plan to patched versions as they become available; consider temporary SD-WAN failover to alternative solutions if risk tolerance is exceeded.
Edge exposure
ICT dependency
Active exploitation
No patch available
Management plane
KEV
PoC
Why flagged?
NIS2 Relevant
- • CRITICAL severity
- • Internet-facing (CWE-287: Improper Authentication)
- • Third-party ICT: Cisco
- • Exploited in the wild (CISA KEV)
- • No patch available
- • Management plane (Improper Authentication)
- • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
- • CRITICAL severity
- • ICT provider: Cisco (Network & Security)
- • Known exploited vulnerability (KEV)
- • No remediation available
- • Authentication / access control weakness
10.0
CVSS
2.6%
EPSS
113
Priority
Cisco Unified Communications Manager and related products contain a code injection vulnerability (CVE-2026-20045) that allows unauthenticated remote attackers to execute arbitrary code. This KEV-listed vulnerability affects the core enterprise voice/video infrastructure including Unified CM, IM&P, Unity Connection, and Webex Calling Dedicated Instance, making it a high-priority threat for organizations dependent on Cisco collaboration tools.
Within 24 hours: Identify all affected systems and apply vendor patches immediately. Validate that input sanitization is in place for all user-controlled parameters.
Edge exposure
ICT dependency
Active exploitation
No patch available
KEV
Why flagged?
NIS2 Relevant
- • HIGH severity
- • Internet-facing (CWE-94: Code Injection)
- • Third-party ICT: Cisco
- • Exploited in the wild (CISA KEV)
- • No patch available
- • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
- • HIGH severity
- • ICT provider: Cisco (Network & Security)
- • Known exploited vulnerability (KEV)
- • No remediation available
8.2
CVSS
1.0%
EPSS
92
Priority
Unauthenticated auth bypass in Cisco FMC web interface. CVSS 10.0.
Within 24 hours: Isolate affected FMC instances from untrusted networks and restrict administrative access to authorized personnel only. Within 7 days: Implement network segmentation to limit FMC exposure, enable comprehensive logging and monitoring for suspicious activity, and contact Cisco for interim security guidance. Within 30 days: Develop and test a migration plan to patched versions when available, and conduct forensic analysis for any unauthorized access indicators.
Edge exposure
ICT dependency
No patch available
PoC
Why flagged?
NIS2 Relevant
- • CRITICAL severity
- • Internet-facing technique: authentication-bypass
- • Third-party ICT: Cisco
- • Proof of concept available
- • No patch available
- • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
- • CRITICAL severity
- • ICT provider: Cisco (Network & Security)
- • No remediation available
10.0
CVSS
0.2%
EPSS
90
Priority
Remote code execution in Cisco Smart Software Manager On-Prem allows unauthenticated attackers to execute arbitrary commands with root privileges via an exposed internal service API. The vulnerability stems from unintentional exposure of an internal service that accepts crafted API requests, enabling full system compromise. With a CVSS score of 9.8 and complete attack vector accessibility over the network requiring no authentication or user interaction, this represents a critical security exposure for organizations using SSM On-Prem for Cisco software license management, though no public exploit identified at time of analysis.
Within 24 hours: Identify all Cisco SSM On-Prem instances in your environment and isolate from untrusted networks; document current versions. Within 7 days: Implement network segmentation restricting SSM On-Prem API access to authorized administrator networks only; enable comprehensive logging and monitoring of all API requests; review access logs for suspicious activity. Within 30 days: Monitor Cisco security advisories for patch release and apply immediately upon availability; contact Cisco support for workaround guidance specific to your deployment; evaluate temporary migration of license management functions to alternative systems if available.
ICT dependency
No patch available
Why flagged?
NIS2 Relevant
- • CRITICAL severity
- • Third-party ICT: Cisco
- • No patch available
- • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
- • CRITICAL severity
- • ICT provider: Cisco (Network & Security)
- • No remediation available
9.8
CVSS
0.2%
EPSS
49
Priority
Authentication bypass in Cisco Catalyst SD-WAN Manager API allows unauthenticated remote access to the management platform. Separate vulnerability from the peering auth bypass (CVE-2026-20127).
Within 24 hours: Isolate affected SD-WAN Manager instances from untrusted networks and restrict API access to known administrator IP ranges. Within 7 days: Implement network segmentation to limit lateral movement if compromise occurs, and enable comprehensive API logging and monitoring for suspicious authentication attempts. Within 30 days: Evaluate alternative SD-WAN solutions or request a vendor security timeline, and conduct forensic analysis for indicators of compromise on affected systems.
Edge exposure
ICT dependency
No patch available
Management plane
Why flagged?
NIS2 Relevant
- • CRITICAL severity
- • Internet-facing (CWE-287: Improper Authentication)
- • Third-party ICT: Cisco
- • No patch available
- • Management plane (Improper Authentication)
- • Moderate evidence (PoC / elevated EPSS)
DORA Relevant
- • CRITICAL severity
- • ICT provider: Cisco (Network & Security)
- • No remediation available
- • Authentication / access control weakness
9.8
CVSS
0.1%
EPSS
49
Priority
Authentication bypass in Cisco Integrated Management Controller (IMC) allows unauthenticated remote attackers to gain administrative access by exploiting improper password change request handling. Affected products include Cisco Enterprise NFV Infrastructure Software, Unified Computing System (Standalone), and UCS E-Series Software. The attacker can alter any user's password, including Admin accounts, and take full control of the management interface. CVSS 9.8 (Critical) with network-accessible attack vector requiring no privileges or user interaction. No public exploit identified at time of analysis, though EPSS data not available for comprehensive risk assessment.
Within 24 hours: Identify and inventory all Cisco IMC instances (Enterprise NFV Infrastructure, UCS Standalone, UCS E-Series) in your environment and isolate affected devices from untrusted networks; restrict management access to administrative networks only via firewall rules. Within 7 days: Contact Cisco support for patch availability and timeline, as no vendor-released patch is currently identified; implement network segmentation restricting management traffic to jump hosts with multi-factor authentication. Within 30 days: Apply vendor-released patch immediately upon availability; conduct password audit of all affected IMC administrative accounts and force reset of all credentials post-remediation.
Edge exposure
ICT dependency
No patch available
PoC
Why flagged?
NIS2 Relevant
- • CRITICAL severity
- • Internet-facing (CWE-20: Improper Input Validation)
- • Third-party ICT: Cisco
- • Proof of concept available
- • No patch available
- • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
- • CRITICAL severity
- • ICT provider: Cisco (Network & Security)
- • No remediation available
9.8
CVSS
0.0%
EPSS
49
Priority
Unauthenticated file upload in Cisco Meeting Management's Certificate Management interface allows authenticated attackers to write arbitrary files and execute commands with root privileges on affected systems. An attacker with valid credentials can exploit improper input validation in the web management interface to overwrite system files processed with elevated privileges, leading to complete system compromise. No patch is currently available for this vulnerability.
Within 24 hours: Identify all Cisco Meeting Management deployments and document current user access lists; disable Certificate Management feature if operationally feasible. Within 7 days: Implement network segmentation to restrict access to CMM instances, enforce multi-factor authentication for all administrative accounts, and enable enhanced logging on affected systems. Within 30 days: Contact Cisco for patch availability timeline, prepare change management procedures for immediate deployment when patch releases, and conduct threat hunt for suspicious file uploads or privilege escalation attempts in audit logs.
Edge exposure
ICT dependency
No patch available
Why flagged?
NIS2 Relevant
- • HIGH severity
- • Internet-facing (CWE-434: Unrestricted Upload of File)
- • Third-party ICT: Cisco
- • No patch available
- • Moderate evidence (PoC / elevated EPSS)
DORA Relevant
- • HIGH severity
- • ICT provider: Cisco (Network & Security)
- • No remediation available
8.8
CVSS
0.6%
EPSS
45
Priority
Command injection in Cisco Integrated Management Controller (IMC) web interface allows authenticated attackers with read-only privileges to execute arbitrary commands as root. The CVSS:3.1 vector (AV:N/AC:L/PR:L/UI:N) confirms network-accessible exploitation requiring only low-privilege authentication, with no public exploit identified at time of analysis. EPSS data not provided; CVE-2026 prefix suggests future disclosure.
Within 24 hours: Inventory all Cisco IMC instances in production and identify current firmware versions; restrict network access to IMC web interfaces to administrative jump hosts only. Within 7 days: Disable or isolate IMC instances not in active use; implement network segmentation to limit lateral movement from compromised IMC systems. Within 30 days: Monitor Cisco security advisories for patch availability and test in non-production environment immediately upon release; plan emergency patching schedule with change management.
Edge exposure
ICT dependency
No patch available
Why flagged?
NIS2 Relevant
- • HIGH severity
- • Internet-facing (CWE-77: Command Injection)
- • Third-party ICT: Cisco
- • No patch available
- • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
- • HIGH severity
- • ICT provider: Cisco (Network & Security)
- • No remediation available
8.8
CVSS
0.3%
EPSS
44
Priority
Catalyst Sd-Wan Manager contains a vulnerability that allows attackers to an authenticated, local attacker with low privileges to gain root privileges on (CVSS 8.8).
Within 24 hours: Inventory all Catalyst SD-WAN Manager instances and restrict access to trusted administrators only. Within 7 days: Implement enhanced monitoring for suspicious privilege escalation attempts and review access logs for unauthorized activity. Within 30 days: Establish vendor communication cadence for patch release timelines and develop a deployment plan for immediate implementation upon patch availability.
ICT dependency
No patch available
Why flagged?
NIS2 Relevant
- • HIGH severity
- • Third-party ICT: Cisco
- • No patch available
- • Moderate evidence (PoC / elevated EPSS)
DORA Relevant
- • HIGH severity
- • ICT provider: Cisco (Network & Security)
- • No remediation available
8.8
CVSS
0.0%
EPSS
44
Priority
By Exposure
Internet-facing
45
Mgmt / Admin Plane
10
Identity / Auth
4
Internal only
61
By Exploitability
Known exploited
3
Public PoC
4
High EPSS (>30%)
0
Remote unauthenticated
47
Local only
16
By Remediation
Patch available
0
No patch
112
Workaround available
101
No workaround
11
Affected Services / Product Families
Cisco
112 CVE(s)
+ 102 more