Critical Cisco SSM On-Prem Vulnerability Grants Root Access to Attackers
Cisco has disclosed a critical unauthenticated remote code execution (RCE) vulnerability in its Smart Software Manager On-Prem (SSM On-Prem) platform, tracked as CVE-2026-20160 with a CVSS score of 9.8. The flaw allows unauthenticated, remote attackers to execute arbitrary commands with root privileges, granting full control over affected systems.
The vulnerability stems from an exposed internal service in SSM On-Prem, which can be exploited via specially crafted HTTP requests to the platform’s API without requiring authentication or user interaction. Given its severity, the flaw is highly attractive for automated, large-scale attacks.
A successful exploit could enable threat actors to pivot laterally across networks, exfiltrate sensitive data, or deploy ransomware and other malicious payloads. Cisco SSM On-Prem is widely used for enterprise license management, meaning a compromise could have severe implications for core infrastructure.
Cisco’s Product Security Incident Response Team (PSIRT) identified the issue internally while addressing a support case. As of the advisory’s release, no active exploitation has been observed, but the lack of authentication requirements and the flaw’s critical severity heighten the risk of imminent attacks.
Affected Versions:
- Vulnerable: SSM On-Prem releases 9-202502 through 9-202510
- Fixed: SSM On-Prem version 9-202601
- Not affected: Releases before 9-202502, Cisco Smart Licensing Utility, and SSM satellite products
Cisco has confirmed that no workarounds or mitigations exist; the only remediation is applying the official patch. Organizations running affected versions are urged to prioritize upgrades to prevent potential enterprise-wide compromise.
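The release ranges above can be applied to an asset inventory to decide which SSM On-Prem hosts need the upgrade first. The following is an added example, not code from Cisco or from the original article. It assumes release labels follow the `<major>-<YYYYMM>` pattern seen in the list above and that releases after 9-202601 retain the fix; the hostnames are constructed.

```python
import re

# Release boundaries exactly as listed in the "Affected Versions" section.
FIRST_VULNERABLE = (9, 202502)
LAST_VULNERABLE = (9, 202510)
FIRST_FIXED = (9, 202601)

# Assumption: release labels look like "<major>-<YYYYMM>", e.g. "9-202510".
_RELEASE_RE = re.compile(r"^\s*(\d+)-(\d{4})(\d{2})\s*$")

def parse_release(text):
    """Return (major, yyyymm), or None if the string is not a release label."""
    m = _RELEASE_RE.match(text)
    if not m or not 1 <= int(m.group(3)) <= 12:
        return None
    return int(m.group(1)), int(m.group(2) + m.group(3))

def classify(text):
    """Map a release label to a triage status for CVE-2026-20160."""
    rel = parse_release(text)
    if rel is None:
        return "unparsed"      # do not guess: send to manual review
    if rel < FIRST_VULNERABLE:
        return "not-affected"
    if rel <= LAST_VULNERABLE:
        return "vulnerable"
    if rel >= FIRST_FIXED:
        return "fixed"         # assumption: later releases keep the fix
    return "verify"            # falls between 9-202510 and 9-202601

def triage(inventory):
    """Return (host, release, status) rows that need action, worst first."""
    order = {"vulnerable": 0, "unparsed": 1, "verify": 2}
    rows = [(host, rel, classify(rel)) for host, rel in inventory]
    flagged = [r for r in rows if r[2] in order]
    return sorted(flagged, key=lambda r: (order[r[2]], r[0]))

# Constructed sample inventory (hostnames are made up for illustration).
SAMPLE = [
    ("ssm-dc1", "9-202506"),
    ("ssm-dc2", "9-202601"),
    ("ssm-dr", "9-202511"),
    ("ssm-old", "v9.202510"),
    ("ssm-edge", "9-202510"),
]

if __name__ == "__main__":
    for host, rel, status in triage(SAMPLE):
        print(f"{host:10} {rel:12} {status}")
```

Labels that do not parse, or that fall between the last vulnerable and first fixed release, are flagged for manual review rather than assumed safe.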
Source: https://cyberpress.org/critical-cisco-smart-software-manager-vulnerability/
Cisco cybersecurity rating report: https://www.rankiteo.com/company/cisco
"id": "CIS1775125662",
"linkid": "cisco",
"type": "Vulnerability",
"date": "1/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': 'Enterprises using Cisco SSM '
'On-Prem (versions 9-202502 '
'through 9-202510)',
'industry': 'Information Technology',
'name': 'Cisco',
'type': 'Technology Vendor'}],
'attack_vector': 'Network (HTTP API requests)',
'customer_advisories': 'Cisco urges customers to upgrade to SSM On-Prem '
'version 9-202601 immediately.',
'data_breach': {'data_exfiltration': 'Possible',
'sensitivity_of_data': 'High (enterprise license management '
'data)',
'type_of_data_compromised': 'Sensitive enterprise data '
'(potential)'},
'description': 'Cisco has disclosed a critical unauthenticated remote code '
'execution (RCE) vulnerability in its Smart Software Manager '
'On-Prem (SSM On-Prem) platform, tracked as CVE-2026-20160 '
'with a CVSS score of 9.8. The flaw allows unauthenticated, '
'remote attackers to execute arbitrary commands with root '
'privileges, granting full control over affected systems. The '
'vulnerability stems from an exposed internal service in SSM '
'On-Prem, which can be exploited via specially crafted HTTP '
'requests to the platform’s API without requiring '
'authentication or user interaction. A successful exploit '
'could enable threat actors to pivot laterally across '
'networks, exfiltrate sensitive data, or deploy ransomware and '
'other malicious payloads.',
'impact': {'data_compromised': 'Sensitive data exfiltration possible',
'operational_impact': 'Full system compromise, lateral movement, '
'ransomware deployment possible',
'systems_affected': 'Cisco SSM On-Prem (versions 9-202502 through '
'9-202510)'},
'investigation_status': 'Vulnerability disclosed; no active exploitation '
'observed as of advisory release',
'post_incident_analysis': {'corrective_actions': 'Patch development and '
'release (SSM On-Prem '
'version 9-202601)',
'root_causes': 'Exposed internal service in SSM '
'On-Prem allowing unauthenticated '
'API access'},
'ransomware': {'data_exfiltration': 'Possible'},
'recommendations': 'Organizations running affected versions of Cisco SSM '
'On-Prem should prioritize upgrading to version 9-202601 '
'to mitigate the risk of exploitation.',
'references': [{'source': 'Cisco Security Advisory'}],
'response': {'containment_measures': 'Patch application (upgrade to SSM '
'On-Prem version 9-202601)',
'remediation_measures': 'Apply official patch (SSM On-Prem '
'version 9-202601)'},
'title': 'Critical Cisco SSM On-Prem Vulnerability Grants Root Access to '
'Attackers',
'type': 'Remote Code Execution (RCE)',
'vulnerability_exploited': 'CVE-2026-20160'}