What is the cisco CNA?
cisco is a CVE Numbering Authority (CNA) — an organization authorized to assign CVE IDs to vulnerabilities in its scope. It has published 6,076 CVE records since 2007.
How many CVEs has cisco published?
cisco has published 6,076 CVE records, including 635 in the last two years.
What is cisco's CVE data quality grade?
RadicalNotion.AI grades cisco's CVE data quality as F, with an overall completeness score of 56.3%. This reflects how consistently its CVE records include vendor (51.5%), product (64.7%), CVSS (48.8%), and CWE (60.2%) information.
What products does cisco publish CVEs for?
cisco most frequently publishes CVEs for IOS XE, IOS, adaptive security appliance software, nx-os, Cisco Small Business RV Series Router Firmware.
Which vendors does cisco cover?
cisco publishes CVEs across 6 distinct vendors, most often Cisco, Splunk, Cisco Systems, Inc., ClamAV, cisco-talos.
Is cisco actively publishing CVEs?
cisco is currently active, based on 635 CVEs in the last two years.
What is the average severity of cisco's CVEs?
The average CVSS base score across cisco's scored CVEs is 6.6.
How many critical CVEs has cisco published?
cisco has published 217 critical-severity CVEs and 1,084 high-severity CVEs.
Are any of cisco's CVEs in CISA's Known Exploited Vulnerabilities catalog?
Yes. 89 of cisco's CVEs are listed in CISA's Known Exploited Vulnerabilities (KEV) catalog, meaning they are confirmed to be exploited in the wild.
What are the most common weakness types in cisco's CVEs?
cisco's CVEs most often map to these CWE weakness types: CWE-20 (Improper Input Validation), CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), CWE-284 (Improper Access Control).
How does cisco rank among CNAs?
By total CVE volume, cisco ranks #13 of 370 CNAs, and it reports more complete CVE records than 12% of all CNAs.
