Identity & Access Management · head-to-head
Cisco Duo vs Microsoft Identity
On-prem IAM/IGA/PAM/MFA: directories, federation, privileged access, SSO. Counts are scoped to this segment and the selected published-date window. Microsoft Identity carries 2.0× the disclosed CVE volume of Cisco Duo. Volume reflects disclosure practice and install base as much as code quality — read it with the severity mix. Sourced from the NIST NVD; lower counts indicate a smaller disclosed vulnerability surface — not necessarily lower risk.
Disclosure record
Bars are normalized per row to the larger value; the leading count is emphasized.
| Cisco Duo | Metric | Microsoft Identity | ||
|---|---|---|---|---|
| 1 | Total CVEs | 2 | ||
| 0 | Critical | 0 | ||
| 0 | High | 1 | ||
| 1 | Medium | 1 | ||
| 0 | Low | 0 | ||
| 2 | Open in latest | 6 |
Risk profile
Each severity band as a share of the vendor's own total — strips out raw volume so the profiles compare directly.
Cisco Duo
0.0% critical- Critical
- 00.0%
- High
- 00.0%
- Medium
- 1100.0%
- Low
- 00.0%
Microsoft Identity
0.0% critical- Critical
- 00.0%
- High
- 150.0%
- Medium
- 150.0%
- Low
- 00.0%
Recent activity
Latest in-window disclosures per vendor, newest first. Each ID links to its NVD record.
Cisco Duo
| CVE | Severity | CVSS | Published |
|---|---|---|---|
| CVE-2023-20207(opens NVD record) | Medium | 4.9 | Jul 12, 2023 |
Microsoft Identity
| CVE | Severity | CVSS | Published |
|---|---|---|---|
| CVE-2025-26685(opens NVD record) | Medium | 6.5 | May 13, 2025 |
| CVE-2021-36949(opens NVD record) | High | 7.1 | Aug 12, 2021 |
Track new CVEs for these vendors
Get an email the moment a new vulnerability is disclosed for the products you rely on.