
Exposing Information Security Vulnerabilities with Cisco Talos

Cisco
2021/02/08

Looking back, 2020 was an unsettling year for information security. Most frightening was the ransomware that ceaselessly attacked leading enterprises and organizations. According to information security industry statistics, the average number of daily ransomware attacks in Q3 2020 rose by 50% over H1 2020, with one new victim every 10 seconds on average.

Source: Cheng-Yen Yu, Chief Information Security Consultant, Cisco Taiwan

The intensification of these information security threats is inseparable from the new norm of teleworking brought on by the pandemic. As more and more employees turn homes, and even coffee shops and fast-food stores, into workplaces and access corporate websites from various personal devices, these network connections fall outside the reach of corporate information security, creating opportunities for cyberattacks. Although businesses are exposed to huge information security risks, a study by the Cisco Talos Systems Vulnerability Research Team found that many attacks can be prevented when vulnerabilities are exposed and fixed.
In 2020 alone, the Cisco Talos Systems Vulnerability Research Team found up to 231 vulnerabilities in a wide range of products. These vulnerabilities have already been fixed and published, significantly reducing the chance of cyberattacks. As the end of the pandemic is not yet in sight and teleworking is still prevalent, the Talos team specifically stepped up its analysis of program code, web/mobile equipment, and drivers in 2020. This article describes the results of the Talos team's vulnerability analysis.

Principles of vulnerability analysis

The scope of the Cisco Talos Systems Vulnerability Research Team’s research covered software, operating systems, internet-of-things (IoT) devices, application services, web and mobile vulnerabilities, with the aim of protecting customers and the broader online community.
Working within a default 90-day timeline, Talos defined, coordinated, analyzed, and disclosed the vulnerabilities it found. Over this nearly three-month period, Talos worked together with the relevant vendors to ensure timely patching and mitigation strategies that close and address any vulnerable attack vectors. The findings of Talos's investigations can help protect customers during the vendor response window. Talos also made the content of its investigations publicly available, along with detailed reports, so that customers can find information on the vulnerabilities of greatest concern on the Talos vulnerability information page (https://talosintelligence.com/vulnerability_info).
Talos also regularly releases Vulnerability Spotlight blog posts which feature in-depth technical analyses of vulnerabilities discovered as well as brief summaries highlighting the possible impact of exploitation. You can find these Vulnerability Spotlight blog posts on the relevant website (https://blog.talosintelligence.com/).
Based on Cisco’s Vendor Vulnerability and Disclosure Policy, Talos established the following timeline of reporting and disclosing vulnerabilities:

1. Initial contact with the vendor.
2. Announcement to Cisco customers of how to use Cisco security products to implement protection.
3. Assignment of a Common Vulnerabilities and Exposures (CVE) identifier if the vendor is not a CVE Numbering Authority (CNA).
4. Vendor name and report date listed on the Cisco Talos vulnerability tracker website.

In 2020, Talos published 231 advisories involving 277 CVEs, in a wide range of software including operating systems, IoT devices, Microsoft Office products, browsers, PDF readers and more. Notably, this is a marked increase over 2019 in the number of CVEs covered by Talos's investigations and analyses, suggesting that the number of system vulnerabilities is increasing rapidly.
While suppliers do their best to increase coverage and thus enhance the overall security of the internet, bulletproof software simply doesn’t exist. Even vendors with large security teams make mistakes, and many vendors don’t even have such teams. Cisco Talos strives to increase its coverage of vulnerabilities in a landscape of insecure software and hardware. Rather than challenging the technology of any specific supplier, Cisco Talos aims to remind users of the importance of secure coding and development, so that hackers are not given any chance.

Vulnerabilities found by Talos in 2020:

1. Multiple vulnerabilities in major PDF applications, including Adobe PDF, Foxit PDF, NitroPDF and Google PDFium.
2. Multiple vulnerabilities in graphics drivers from Intel, Nvidia, and AMD. These vulnerabilities resulted in Microsoft deciding to fully disable the RemoteFX vGPU functionality in Windows before February 2021.
3. Multiple vulnerabilities in Pixar OpenUSD.
4. As part of our participation in Microsoft’s Azure Sphere research challenge, we also found another 16 vulnerabilities in Azure Sphere.
5. Multiple vulnerabilities in major web browsers such as Firefox, Chrome, and Safari, including the WebKit system used by many of these browsers.
6. Other major applications in which we found issues include Synology’s SRM and DSM firmware and Microsoft Office and Windows.

Talos works closely with all vendors under its coordinated disclosure policy, while ensuring its customers and internet communities are appropriately protected before patches are issued. This proactive research can be said to advance security for everyone, as everyone benefits from more secure software and hardware.

For vulnerabilities Talos has disclosed, please refer to our Vulnerability Report website:
https://www.talosintelligence.com/vulnerability_reports/

To review Talos’ Vulnerability Disclosure Policy, please visit the below website:
https://tools.cisco.com/security/center/resources/vendor_vulnerability_policy.html

Source:
https://blog.talosintelligence.com/2020/12/vulnerability-discovery-2020.html

Reference: https://www.sysage.com.tw/news/technology/199
 
