#VU124786 Exposure of Resource to Wrong Sphere in Cisco Smart Software Manager On-Prem - CVE-2026-20160

 


Published: April 1, 2026


Vulnerability identifier: #VU124786
Vulnerability risk: Critical
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Red
CVE-ID: CVE-2026-20160
CWE-ID: CWE-668
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Cisco Smart Software Manager On-Prem
Software vendor: Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to an unintentional exposure of an internal service. A remote unauthenticated attacker can send specially crafted HTTP requests to the exposed API interface and execute arbitrary code on the system with root privileges.


Remediation

Install updates from the vendor's website.

External links