Skip to main content

Cisco

Vendor security scorecard – 31 CVEs in the selected period

Period: 30d 90d 6m 1y All
Risk 125
31
CVEs
1
Critical
26
High
0
KEV
1
PoC
13
Unpatched C/H
45.2%
Patch Rate
0.7%
Avg EPSS

Severity Breakdown

CRITICAL
1
HIGH
26
MEDIUM
4
LOW
0

Monthly CVE Trend

Top Risky CVEs

CVE Summary Severity CVSS EPSS Priority Signals
CVE-2022-46292 HIGH 7.8 0.8% 60
PoC
CVE-2026-20181 Authenticated remote command execution in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) allows administrators to run arbitrary OS commands and escalate to root via a crafted HTTP request. The flaw, tracked as CVE-2026-20181 and reported by Cisco with a CVSS 3.1 score of 9.1 (scope-changed), can also crash single-node deployments and deny network access to unauthenticated endpoints. There is no public exploit identified at time of analysis. CRITICAL 9.1 0.6% 46
No patch
CVE-2026-20150 Privilege escalation via improper access control in Cisco RoomOS software allows an authenticated attacker with low-level privileges to gain full control over affected collaboration endpoints, with high impact to confidentiality, integrity, and availability. The issue was discovered internally by Cisco's RoomOS engineering team during a proactive security review and is one of several access-control weaknesses grouped under CVE-2026-20150 and resolved in a single hardening release. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV. HIGH 8.8 – 44
No patch
CVE-2026-20156 Memory-corruption vulnerabilities in Cisco RoomOS Software (the operating system on Cisco/Webex collaboration room endpoints) allow remote, unauthenticated attackers to trigger buffer-boundary violations that can compromise device confidentiality, integrity, and availability (CVSS 8.1). The flaws were internally discovered by Cisco's RoomOS engineering team during a proactive security review and are grouped under the CWE-119 buffer-error pillar; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV. High attack complexity (AC:H) reduces the practical ease of exploitation despite the network-facing, no-privilege vector. HIGH 8.1 – 40
No patch
CVE-2022-46280 HIGH 7.8 0.8% 40
CVE-2022-43467 HIGH 7.8 0.8% 40
CVE-2022-46293 HIGH 7.8 0.8% 40
CVE-2022-46295 HIGH 7.8 0.8% 40
CVE-2022-46294 HIGH 7.8 0.8% 40
CVE-2022-46291 HIGH 7.8 0.8% 40
CVE-2022-46290 HIGH 7.8 0.8% 40
CVE-2022-46289 HIGH 7.8 0.8% 40
CVE-2022-44451 HIGH 7.8 0.8% 40
CVE-2022-42885 HIGH 7.8 0.8% 40
CVE-2022-41793 HIGH 7.8 0.8% 40

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy