Description

A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected SSM On-Prem host. This vulnerability is due to the unintentional exposure of an internal service. An attacker could exploit this vulnerability by sending a crafted request to the API of the exposed service. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges.

PUBLISHED Reserved 2025-10-08 | Published 2026-04-01 | Updated 2026-04-02 | Assigner cisco




CRITICAL: 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

Exposure of Resource to Wrong Sphere

Product status

Default status
unknown

9-202502
affected

9-202504
affected

9-202507
affected

9-202510
affected

References

sec.cloudapps.cisco.com/...sco-sa-ssm-cli-execution-cHUcWuNr (cisco-sa-ssm-cli-execution-cHUcWuNr)

cve.org (CVE-2026-20160)

nvd.nist.gov (CVE-2026-20160)
