Skip to main content

Cisco Smart Software Manager On Prem

2 CVEs product

Monthly

CVE-2026-20160 CRITICAL NEWS Act Now

Remote code execution in Cisco Smart Software Manager On-Prem allows unauthenticated attackers to execute arbitrary commands with root privileges via an exposed internal service API. The vulnerability stems from unintentional exposure of an internal service that accepts crafted API requests, enabling full system compromise. With a CVSS score of 9.8 and complete attack vector accessibility over the network requiring no authentication or user interaction, this represents a critical security exposure for organizations using SSM On-Prem for Cisco software license management, though no public exploit identified at time of analysis.

Cisco Information Disclosure Cisco Smart Software Manager On Prem
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-20151 HIGH This Week

Privilege escalation in Cisco Smart Software Manager On-Prem (SSM On-Prem) web interface allows authenticated remote attackers with System User role to gain administrative access by intercepting session credentials from status messages. CVSS 7.3 (High severity) with network attack vector, low complexity, and requires low privileges plus user interaction. No public exploit code or active exploitation confirmed at time of analysis (EPSS data not provided).

Cisco Information Disclosure Cisco Smart Software Manager On Prem
NVD
CVSS 3.1
7.3
EPSS
0.0%
EPSS 0% CVSS 9.8
CRITICAL Act Now

Remote code execution in Cisco Smart Software Manager On-Prem allows unauthenticated attackers to execute arbitrary commands with root privileges via an exposed internal service API. The vulnerability stems from unintentional exposure of an internal service that accepts crafted API requests, enabling full system compromise. With a CVSS score of 9.8 and complete attack vector accessibility over the network requiring no authentication or user interaction, this represents a critical security exposure for organizations using SSM On-Prem for Cisco software license management, though no public exploit identified at time of analysis.

Cisco Information Disclosure Cisco Smart Software Manager On Prem
NVD VulDB
EPSS 0% CVSS 7.3
HIGH This Week

Privilege escalation in Cisco Smart Software Manager On-Prem (SSM On-Prem) web interface allows authenticated remote attackers with System User role to gain administrative access by intercepting session credentials from status messages. CVSS 7.3 (High severity) with network attack vector, low complexity, and requires low privileges plus user interaction. No public exploit code or active exploitation confirmed at time of analysis (EPSS data not provided).

Cisco Information Disclosure Cisco Smart Software Manager On Prem
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy