Cisco Smart Software Manager On-Prem Arbitrary Command Execution Vulnerability

Vulnerability

A vulnerability exists in Cisco Smart Software Manager On-Prem (SSM On-Prem) that allows an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected host. This issue arises from the unintended exposure of an internal service, which can be exploited by sending a crafted request to the API of the exposed service. Successful exploitation grants root-level privileges on the operating system.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the affected host's operating system with root-level privileges.

Remediation

Cisco has released software updates to address this vulnerability. For versions earlier than 9-202502, users should upgrade to a version that is not vulnerable. For versions 9-202502 to 9-202510, users should upgrade to 9-202601.

Added: Apr 1, 2026, 6:56 PM
Updated: Apr 1, 2026, 6:56 PM

Vulnerability Rating

Custom Algorithm
spread: 2.6
impact: 10.0
exploitability: 7.0
remediation: 7.7
relevance: 5.1
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.