Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco Smart Software Manager On-Prem Arbitrary Command Execution Vulnerability

cisco-sa-ssm-cli-execution-cHUcWuNr · Critical · Published · Updated

A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected SSM On-Prem host. This vulnerability is due to the unintentional exposure of an internal service. An attacker could exploit this vulnerability by sending a crafted request to the API of the exposed service. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssm-cli-execution-cHUcWuNr

Cisco advisory · CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEsCVE-2026-20160
Cisco Bug IDsCSCws84279
CVSS ScoreBase 9.8
Base 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X
Product Names From Source
Cisco Smart Software Manager On-Prem

Related Products

Product CVE Evidence
Cisco Smart Software Manager On-Prem CVE-2026-20160 Cisco OpenVuln