Skip to main content

Cisco

Vendor security scorecard – 288 CVEs in the selected period

Period: 30d 90d 6m 1y All
Risk 1341
288
CVEs
18
Critical
92
High
13
KEV
15
PoC
96
Unpatched C/H
5.2%
Patch Rate
0.4%
Avg EPSS

Severity Breakdown

CRITICAL
18
HIGH
92
MEDIUM
178
LOW
0

Monthly CVE Trend

Top Risky CVEs

CVE Summary Severity CVSS EPSS Priority Signals
CVE-2025-20362 Update: On November 5, 2025, Cisco became aware of a new attack variant against devices running Cisco Secure ASA Software or Cisco Secure FTD Software releases that are affected by CVE-2025-20333 and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 43.6%. MEDIUM 6.5 43.6% 156
KEV PoC No patch
CVE-2026-20131 Cisco Secure Firewall Management Center (FMC) contains a critical unauthenticated Java deserialization vulnerability (CVE-2026-20131, CVSS 10.0) in its web interface that enables remote code execution as root. KEV-listed with public PoC, this vulnerability allows complete compromise of the central management platform that controls all Cisco firewalls in the organization, enabling attackers to modify security policies, disable protections, and access all network traffic. CRITICAL 10.0 0.6% 141
KEV PoC No patch
CVE-2026-20127 Cisco Catalyst SD-WAN Controller and Manager contain a critical authentication bypass (CVE-2026-20127, CVSS 10.0) in the peering authentication mechanism that allows unauthenticated remote attackers to obtain full administrative privileges. The vulnerability exists because peering authentication does not properly validate credentials, enabling any attacker with network access to take over the SD-WAN management plane and control the entire WAN fabric. CRITICAL 10.0 2.6% 138
KEV PoC No patch
CVE-2026-20182 Remote unauthenticated attackers can bypass peering authentication in Cisco Catalyst SD-WAN Controller (vSmart) and SD-WAN Manager (vManage) to obtain administrative privileges and manipulate network configurations across the entire SD-WAN fabric. This critical authentication bypass (CVSS 10.0) allows direct NETCONF access as a high-privileged internal user without any credentials. Cisco released fixes in May 2026 following discovery of this second authentication flaw after a February 2026 disclosure of a related vulnerability. No active exploitation confirmed in CISA KEV at time of analysis, though the maximum CVSS score and authentication bypass nature make this a priority patching target for SD-WAN deployments. CRITICAL 10.0 1.6% 127
KEV PoC No patch
CVE-2026-20245 Local privilege escalation in Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage) allows an authenticated netadmin user to execute arbitrary commands as root by uploading a crafted file through the CLI. Cisco has observed limited real-world exploitation that resulted in unauthorized configuration changes being pushed to downstream edge devices, though the issue is not currently listed in CISA KEV and no public exploit code has been identified at time of analysis. HIGH 7.8 0.1% 114
KEV PoC No patch
CVE-2026-20230 Server-side request forgery in Cisco Unified Communications Manager (Unified CM) and Unified CM Session Management Edition allows remote unauthenticated attackers to write files to the underlying operating system via crafted HTTP requests, which Cisco notes can be leveraged to escalate to root. Cisco has assigned this a Critical Security Impact Rating despite the 8.6 CVSS score because of the root-escalation pathway. No public exploit identified at time of analysis, and exploitation requires the non-default WebDialer service to be enabled. HIGH 8.6 0.0% 113
KEV PoC No patch
CVE-2026-20262 Arbitrary file write via path traversal in Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage) allows an authenticated low-privileged attacker to create or overwrite any file on the underlying operating system by sending crafted HTTP requests to affected API endpoints. The vulnerability stems from insufficient validation of user-supplied input during the file upload process (CWE-22), and a successful exploit can serve as a reliable stepping stone to root-level privilege escalation on the management host. No public exploit has been identified at time of analysis, and the vulnerability is not currently listed in CISA KEV; however, the integrity impact combined with root escalation potential elevates real-world risk above the CVSS 6.5 Medium baseline. MEDIUM 6.5 1.7% 109
KEV PoC No patch
CVE-2026-20128 Privilege escalation in Cisco Catalyst SD-WAN Manager (versions prior to 20.18) enables authenticated local attackers with valid vmanage credentials to obtain Data Collection Agent (DCA) user privileges by reading an unprotected credential file from the filesystem. Confirmed actively exploited (CISA KEV) with publicly available exploit code despite low EPSS score (0.02%), indicating targeted attacks rather than widespread scanning. High-privileged initial access requirement (PR:H) and high attack complexity (AC:H) limit exploitability, but scope change (S:C) enables lateral movement to other SD-WAN systems. HIGH 7.5 0.0% 108
KEV PoC No patch
CVE-2026-20133 Insufficient filesystem access controls in Cisco Catalyst SD-WAN Manager expose sensitive operating system information to authenticated remote attackers through API access. An attacker with valid credentials can exploit this vulnerability to read confidential data from the underlying system without requiring user interaction. No patch is currently available for this medium-severity information disclosure vulnerability. MEDIUM 6.5 0.0% 103
KEV PoC No patch
CVE-2026-20122 Catalyst Sd-Wan Manager contains a vulnerability that allows attackers to overwrite arbitrary files on the affected system and gain vmanage user priv (CVSS 5.4). MEDIUM 5.4 0.0% 97
KEV PoC No patch
CVE-2026-20045 Cisco Unified Communications Manager and related products contain a code injection vulnerability (CVE-2026-20045) that allows unauthenticated remote attackers to execute arbitrary code. This KEV-listed vulnerability affects the core enterprise voice/video infrastructure including Unified CM, IM&P, Unity Connection, and Webex Calling Dedicated Instance, making it a high-priority threat for organizations dependent on Cisco collaboration tools. HIGH 8.2 1.0% 92
KEV No patch
CVE-2025-20352 A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow the following: An authenticated, remote attacker with low. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and no vendor patch available. HIGH 7.7 2.0% 90
KEV No patch
CVE-2026-20079 Unauthenticated auth bypass in Cisco FMC web interface. CVSS 10.0. CRITICAL 10.0 0.2% 90
PoC No patch
CVE-2025-60692 A stack-based buffer overflow vulnerability exists in the libshared.so library of Cisco Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available. HIGH 8.4 0.0% 62
PoC No patch
CVE-2022-46292 HIGH 7.8 0.8% 60
PoC

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy