Skip to main content

Cisco Smart Software Manager On Prem EUVDEUVD-2026-17956

| CVE-2026-20160 CRITICAL
Exposure of Resource to Wrong Sphere (CWE-668)
2026-04-01 cisco GHSA-wmm4-pvrx-wvv8
9.8
CVSS 3.1 · Vendor: cisco
Share

Severity by source

Vendor (cisco) PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from Vendor (cisco) · only source for this CVE.

CVSS VectorVendor: cisco

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Apr 01, 2026 - 17:30 euvd
EUVD-2026-17956
Analysis Generated
Apr 01, 2026 - 17:30 vuln.today
CVE Published
Apr 01, 2026 - 16:29 nvd
CRITICAL 9.8

DescriptionCVE.org

A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected SSM On-Prem host.

This vulnerability is due to the unintentional exposure of an internal service. An attacker could exploit this vulnerability by sending a crafted request to the API of the exposed service. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges.

AnalysisAI

Remote code execution in Cisco Smart Software Manager On-Prem allows unauthenticated attackers to execute arbitrary commands with root privileges via an exposed internal service API. The vulnerability stems from unintentional exposure of an internal service that accepts crafted API requests, enabling full system compromise. With a CVSS score of 9.8 and complete attack vector accessibility over the network requiring no authentication or user interaction, this represents a critical security exposure for organizations using SSM On-Prem for Cisco software license management, though no public exploit identified at time of analysis.

Technical ContextAI

Cisco Smart Software Manager On-Prem (SSM On-Prem) is an on-premises software license management solution that organizations deploy to manage Cisco product licenses without requiring internet connectivity to Cisco's cloud services. This vulnerability (CWE-668: Exposure of Resource to Wrong Sphere) occurs when an internal service intended for system-level operations is inadvertently exposed to the network without proper access controls. The exposed API accepts requests that can invoke operating system commands, bypassing normal application-level security boundaries. The affected product (cpe:2.3:a:cisco:cisco_smart_software_manager_on-prem) functions as a centralized license server, making it a high-value target since compromise could affect license management for an organization's entire Cisco infrastructure. The root-level command execution capability indicates the service runs with elevated privileges without proper input validation or authorization checks on the exposed interface.

RemediationAI

Organizations should immediately consult the Cisco Security Advisory at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssm-cli-execution-cHUcWuNr for vendor-released patches and specific upgrade instructions, as exact fixed versions are not provided in the available CVE data but will be detailed in the advisory. Cisco typically releases software updates through their standard distribution channels for SSM On-Prem virtual appliances, requiring administrators to download and apply the patched version following Cisco's upgrade procedures. As an interim mitigation measure until patching is complete, network access controls should be implemented to restrict connectivity to SSM On-Prem instances, limiting access only from trusted management networks and blocking external or untrusted network segments from reaching the exposed service. Given the unauthenticated remote nature of the vulnerability, network segmentation and firewall rules provide critical defense-in-depth protection during the remediation window. Organizations should also review logs for any suspicious API requests to the SSM On-Prem service that may indicate reconnaissance or exploitation attempts.

Share

EUVD-2026-17956 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy