CVE-2026-20160

Summary

A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected SSM On-Prem host.

This vulnerability is due to the unintentional exposure of an internal service. An attacker could exploit this vulnerability by sending a crafted request to the API of the exposed service. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco Smart Software Manager On-Prem9-202502affected
CiscoCisco Smart Software Manager On-Prem9-202504affected
CiscoCisco Smart Software Manager On-Prem9-202507affected
CiscoCisco Smart Software Manager On-Prem9-202510affected

Weaknesses

  • CWE-668: Exposure of Resource to Wrong Sphere

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References