{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-20160", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2025-10-08T11:59:15.388Z", "datePublished": "2026-04-01T16:29:22.741Z", "dateUpdated": "2026-04-02T03:56:10.746Z"}, "containers": {"cna": {"title": "Cisco Smart Software Manager On-Prem Arbitrary Command Execution Vulnerability", "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}}], "descriptions": [{"lang": "en", "value": "A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected SSM On-Prem host.\r\n\r\nThis vulnerability is due to the unintentional exposure of an internal service. An attacker could exploit this vulnerability by sending a crafted request to the API of the exposed service. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssm-cli-execution-cHUcWuNr", "name": "cisco-sa-ssm-cli-execution-cHUcWuNr"}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "source": {"advisory": "cisco-sa-ssm-cli-execution-cHUcWuNr", "discovery": "INTERNAL", "defects": ["CSCws84279"]}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "Exposure of Resource to Wrong Sphere", "type": "cwe", "cweId": "CWE-668"}]}], "affected": [{"vendor": "Cisco", "product": "Cisco Smart Software Manager On-Prem", "versions": [{"version": "9-202502", "status": "affected"}, {"version": "9-202504", "status": "affected"}, {"version": "9-202507", "status": "affected"}, {"version": "9-202510", "status": "affected"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2026-04-01T16:29:22.741Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-01T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-20160"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T03:56:10.746Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-20160", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-01T17:55:39.887838Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T18:08:32.796Z"}}], "cna": {"title": "Cisco Smart Software Manager On-Prem Arbitrary Command Execution Vulnerability", "source": {"defects": ["CSCws84279"], "advisory": "cisco-sa-ssm-cli-execution-cHUcWuNr", "discovery": "INTERNAL"}, "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Cisco", "product": "Cisco Smart Software Manager On-Prem", "versions": [{"status": "affected", "version": "9-202502"}, {"status": "affected", "version": "9-202504"}, {"status": "affected", "version": "9-202507"}, {"status": "affected", "version": "9-202510"}], "defaultStatus": "unknown"}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssm-cli-execution-cHUcWuNr", "name": "cisco-sa-ssm-cli-execution-cHUcWuNr"}], "descriptions": [{"lang": "en", "value": "A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected SSM On-Prem host.\r\n\r\nThis vulnerability is due to the unintentional exposure of an internal service. An attacker could exploit this vulnerability by sending a crafted request to the API of the exposed service. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "cweId": "CWE-668", "description": "Exposure of Resource to Wrong Sphere"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2026-04-01T16:29:22.741Z"}}}, "cveMetadata": {"cveId": "CVE-2026-20160", "state": "PUBLISHED", "dateUpdated": "2026-04-02T03:56:10.746Z", "dateReserved": "2025-10-08T11:59:15.388Z", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2026-04-01T16:29:22.741Z", "assignerShortName": "cisco"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected SSM On-Prem host.\r\n\r\nThis vulnerability is due to the unintentional exposure of an internal service. An attacker could exploit this vulnerability by sending a crafted request to the API of the exposed service. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges."}], "id": "CVE-2026-20160", "lastModified": "2026-04-03T16:11:11.357", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "psirt@cisco.com", "type": "Primary"}]}, "published": "2026-04-01T17:28:31.760", "references": [{"source": "psirt@cisco.com", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssm-cli-execution-cHUcWuNr"}], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-668"}], "source": "psirt@cisco.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9-202502"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9-202504"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9-202507"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9-202510"}}], "enrichment": {"confidence": 92.0, "confidence_source": "matching", "scores": [{"score": 92.0, "source": "matching"}]}, "original": {"product": "Cisco Smart Software Manager On-Prem", "source": "cna", "vendor": "Cisco"}, "product": "smart_software_manager_on-prem", "vendor": "cisco"}], "analysis": {"en": {"generated_at": "2026-04-02T02:43:15.686532+00:00", "value": {"mitigation_remediation": ["Apply the Cisco-provided patch or upgrade Cisco Smart Software Manager On-Prem to a version that fixes the exposed internal service. ", "Restrict network access to the internal API service using firewalls or segmentation to prevent unauthenticated traffic. ", "Monitor system logs for unexpected API activity and enforce strict authentication where possible. ", "Reference Cisco\u2019s security advisory at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssm-cli-execution-cHUcWuNr for detailed remediation guidance."], "summary": {"action": "Immediate Patch", "impact": "Remote code execution"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Cisco Smart Software Manager On-Prem. No specific version information is disclosed, so all installations of this product remain potentially at risk until remediation is applied.", "description_and_impact": "A flaw in Cisco Smart Software Manager On-Prem allows an unauthenticated user to send a crafted request to an internal API, resulting in arbitrary command execution on the host operating system with root privileges. The weakness stems from accidental exposure of an internal service, creating a classic privilege escalation scenario where an attacker can compromise the entirety of the affected system.", "risk_and_exploitability": "The flaw carries a CVSS score of 9.8, indicating critical severity, and is not listed in the CISA KEV catalog. Although an EPSS score is unavailable, the remote, unauthenticated nature of the exploit implies that an attacker could reach the vulnerable API from outside the trusted network. Once exploited, the attacker gains root-level access, enabling complete control over the host system. The risk is therefore high for any network exposing this service without proper isolation."}}}}, "created": "2026-04-02T07:48:22.833120+00:00", "updated": "2026-04-03T08:58:26.528726+00:00", "vendors": ["cisco", "cisco$PRODUCT$smart_software_manager_on-prem"]}