Skip to main content

Cisco

Vendor security scorecard – 57 CVEs in the selected period

Period: 30d 90d 6m 1y All
Risk 430
57
CVEs
3
Critical
35
High
4
KEV
6
PoC
24
Unpatched C/H
26.3%
Patch Rate
0.4%
Avg EPSS

Severity Breakdown

CRITICAL
3
HIGH
35
MEDIUM
19
LOW
0

Monthly CVE Trend

Top Risky CVEs

CVE Summary Severity CVSS EPSS Priority Signals
CVE-2026-20182 Remote unauthenticated attackers can bypass peering authentication in Cisco Catalyst SD-WAN Controller (vSmart) and SD-WAN Manager (vManage) to obtain administrative privileges and manipulate network configurations across the entire SD-WAN fabric. This critical authentication bypass (CVSS 10.0) allows direct NETCONF access as a high-privileged internal user without any credentials. Cisco released fixes in May 2026 following discovery of this second authentication flaw after a February 2026 disclosure of a related vulnerability. No active exploitation confirmed in CISA KEV at time of analysis, though the maximum CVSS score and authentication bypass nature make this a priority patching target for SD-WAN deployments. CRITICAL 10.0 1.6% 127
KEV PoC No patch
CVE-2026-20245 Local privilege escalation in Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage) allows an authenticated netadmin user to execute arbitrary commands as root by uploading a crafted file through the CLI. Cisco has observed limited real-world exploitation that resulted in unauthorized configuration changes being pushed to downstream edge devices, though the issue is not currently listed in CISA KEV and no public exploit code has been identified at time of analysis. HIGH 7.8 0.1% 114
KEV PoC No patch
CVE-2026-20230 Server-side request forgery in Cisco Unified Communications Manager (Unified CM) and Unified CM Session Management Edition allows remote unauthenticated attackers to write files to the underlying operating system via crafted HTTP requests, which Cisco notes can be leveraged to escalate to root. Cisco has assigned this a Critical Security Impact Rating despite the 8.6 CVSS score because of the root-escalation pathway. No public exploit identified at time of analysis, and exploitation requires the non-default WebDialer service to be enabled. HIGH 8.6 0.0% 113
KEV PoC No patch
CVE-2026-20262 Arbitrary file write via path traversal in Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage) allows an authenticated low-privileged attacker to create or overwrite any file on the underlying operating system by sending crafted HTTP requests to affected API endpoints. The vulnerability stems from insufficient validation of user-supplied input during the file upload process (CWE-22), and a successful exploit can serve as a reliable stepping stone to root-level privilege escalation on the management host. No public exploit has been identified at time of analysis, and the vulnerability is not currently listed in CISA KEV; however, the integrity impact combined with root escalation potential elevates real-world risk above the CVSS 6.5 Medium baseline. MEDIUM 6.5 1.7% 109
KEV PoC No patch
CVE-2022-46292 HIGH 7.8 0.8% 60
PoC
CVE-2026-20223 Authentication bypass in Cisco Secure Workload allows unauthenticated remote attackers to invoke internal REST API endpoints and act with Site Admin privileges across tenant boundaries. The flaw carries a maximum CVSS 10.0 score with a changed scope and full CIA impact, and no public exploit has been identified at time of analysis. Successful exploitation enables reading sensitive tenant data and modifying configuration globally, making this a critical-priority issue for any organization running affected versions. CRITICAL 10.0 0.0% 50
No patch
CVE-2026-20181 Authenticated remote command execution in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) allows administrators to run arbitrary OS commands and escalate to root via a crafted HTTP request. The flaw, tracked as CVE-2026-20181 and reported by Cisco with a CVSS 3.1 score of 9.1 (scope-changed), can also crash single-node deployments and deny network access to unauthenticated endpoints. There is no public exploit identified at time of analysis. CRITICAL 9.1 0.6% 46
No patch
CVE-2026-20034 Remote code execution in Cisco Unity Connection allows authenticated remote attackers with low-privilege credentials to execute arbitrary code as root via crafted API requests to the web management interface. Successful exploitation enables complete device compromise. CVSS score of 8.8 reflects high impact across confidentiality, integrity, and availability, though exploitation requires valid user credentials (PR:L). No public exploit code or active exploitation confirmed at time of analysis. EPSS data not available in provided intelligence. HIGH 8.8 0.4% 44
No patch
CVE-2026-20150 Privilege escalation via improper access control in Cisco RoomOS software allows an authenticated attacker with low-level privileges to gain full control over affected collaboration endpoints, with high impact to confidentiality, integrity, and availability. The issue was discovered internally by Cisco's RoomOS engineering team during a proactive security review and is one of several access-control weaknesses grouped under CVE-2026-20150 and resolved in a single hardening release. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV. HIGH 8.8 – 44
No patch
CVE-2026-20224 Remote file disclosure in Cisco Catalyst SD-WAN Manager allows unauthenticated attackers to read arbitrary system files via XML External Entity (XXE) injection in the web UI. The vulnerability affects the management interface with network-accessible attack vector, low complexity, and no required privileges (CVSS 8.6). Attackers can extract sensitive configuration files, credentials, and operational data from the SD-WAN management platform. EPSS data not provided; exploitation status unknown but the unauthenticated remote vector and publicly disclosed Cisco advisory elevate real-world risk for internet-exposed instances. HIGH 8.6 0.0% 43
No patch
CVE-2026-20156 Memory-corruption vulnerabilities in Cisco RoomOS Software (the operating system on Cisco/Webex collaboration room endpoints) allow remote, unauthenticated attackers to trigger buffer-boundary violations that can compromise device confidentiality, integrity, and availability (CVSS 8.1). The flaws were internally discovered by Cisco's RoomOS engineering team during a proactive security review and are grouped under the CWE-119 buffer-error pillar; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV. High attack complexity (AC:H) reduces the practical ease of exploitation despite the network-facing, no-privilege vector. HIGH 8.1 – 40
No patch
CVE-2022-46280 HIGH 7.8 0.8% 40
CVE-2022-43467 HIGH 7.8 0.8% 40
CVE-2022-46295 HIGH 7.8 0.8% 40
CVE-2022-46294 HIGH 7.8 0.8% 40

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy