Cisco Smart Software Manager Flaw Allowed Arbitrary Command Execution

Cisco has issued a critical security alert regarding a severe vulnerability in its Smart Software Manager On-Prem (SSM On-Perm) platform.

The flaw, identified as CVE-2026-20160, carries an extremely high CVSS severity rating of 9.8/10.

Exploiting this vulnerability allows an unauthenticated, remote attacker to execute arbitrary commands with root-level system privileges on the underlying host.

Cisco SSM On-Prem is a platform designed to help organizations securely manage and monitor their Cisco software licenses internally.

Given the deep integration of this platform into corporate networks, compromising it at the root level poses a major threat to overall infrastructure security.

Cisco Smart Software Manager Vulnerability

The vulnerability arises from the unintentional exposure of an internal service within the SSM On-Prem environment.

Attackers can exploit this weakness by sending specially crafted requests directly to the exposed service’s application programming interface (API).

As the flaw doesn’t require any prior authentication or user interaction, it is highly susceptible to automated attacks.

Root access provides attackers with complete control over the compromised host. From there, they could potentially pivot to other network areas, exfiltrate sensitive data, or deploy malicious software.

Cisco discovered this issue internally while handling a Technical Assistance Center (TAC) support case.

The company’s Product Security Incident Response Team (PSIRT) has stated there’s currently no evidence of this vulnerability being actively exploited by malicious actors in real-world scenarios.

Affected Software and Remediation

Administrators must first confirm their current software version to assess exposure risk.

The vulnerability status per Cisco infrastructure is:

  • Cisco SSM On-Perm releases from 9-202502 to 9-202510 are affected.
  • Cisco SSM On-Prem version 9-202601 is the official fixed release.
  • Releases prior to 9-202502 are not vulnerable to this specific flaw.
  • Cisco Smart Licensing Utility and SSM satellite products are not impacted.

Cisco emphasizes that there are no workarounds or temporary mitigations available to block this attack vector. Patching with the official software update is the only effective security measure.

IT administrators using SSM On-Perm should prioritize applying this critical patch immediately.

Organizations are strongly urged to consult the official Cisco Security Advisory and upgrade to version 9-202601 without delay to mitigate the risk of network compromise.

Related Articles

Back to top button