{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-20160","assignerOrgId":"d1c1063e-7a18-46af-9102-31f8928bc633","state":"PUBLISHED","assignerShortName":"cisco","dateReserved":"2025-10-08T11:59:15.388Z","datePublished":"2026-04-01T16:29:22.741Z","dateUpdated":"2026-04-02T03:56:10.746Z"},"containers":{"cna":{"title":"Cisco Smart Software Manager On-Prem Arbitrary Command Execution Vulnerability","metrics":[{"format":"cvssV3_1","cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}}],"descriptions":[{"lang":"en","value":"A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected SSM On-Prem host.\r\n\r\nThis vulnerability is due to the unintentional exposure of an internal service. An attacker could exploit this vulnerability by sending a crafted request to the API of the exposed service. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges."}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssm-cli-execution-cHUcWuNr","name":"cisco-sa-ssm-cli-execution-cHUcWuNr"}],"exploits":[{"lang":"en","value":"The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}],"source":{"advisory":"cisco-sa-ssm-cli-execution-cHUcWuNr","discovery":"INTERNAL","defects":["CSCws84279"]},"problemTypes":[{"descriptions":[{"lang":"en","description":"Exposure of Resource to Wrong Sphere","type":"cwe","cweId":"CWE-668"}]}],"affected":[{"vendor":"Cisco","product":"Cisco Smart Software Manager On-Prem","versions":[{"version":"9-202502","status":"affected"},{"version":"9-202504","status":"affected"},{"version":"9-202507","status":"affected"},{"version":"9-202510","status":"affected"}],"defaultStatus":"unknown"}],"providerMetadata":{"orgId":"d1c1063e-7a18-46af-9102-31f8928bc633","shortName":"cisco","dateUpdated":"2026-04-01T16:29:22.741Z"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-04-01T00:00:00+00:00","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3","id":"CVE-2026-20160"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-04-02T03:56:10.746Z"}}]}}