cvelistv5 - cve-2026-20160

CVE-2026-20160 (GCVE-0-2026-20160)

Vulnerability from cvelistv5

Published

2026-04-01 16:29

Modified

2026-04-02 03:56

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-668 - Exposure of Resource to Wrong Sphere

Summary

A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected SSM On-Prem host. This vulnerability is due to the unintentional exposure of an internal service. An attacker could exploit this vulnerability by sending a crafted request to the API of the exposed service. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges.

References

URL

Tags

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssm-cli-execution-cHUcWuNr

Impacted products

	Vendor	Product	Version
	Cisco	Cisco Smart Software Manager On-Prem	Version: 9-202502 Version: 9-202504 Version: 9-202507 Version: 9-202510

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20160",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-01T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-02T03:56:10.746Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Smart Software Manager On-Prem",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "9-202502"
            },
            {
              "status": "affected",
              "version": "9-202504"
            },
            {
              "status": "affected",
              "version": "9-202507"
            },
            {
              "status": "affected",
              "version": "9-202510"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected SSM On-Prem host.\r\n\r\nThis vulnerability is due to the unintentional exposure of an\u0026nbsp;internal service. An attacker could exploit this vulnerability by sending a crafted request to the API of the exposed service. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-668",
              "description": "Exposure of Resource to Wrong Sphere",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-01T16:29:22.741Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-ssm-cli-execution-cHUcWuNr",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssm-cli-execution-cHUcWuNr"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ssm-cli-execution-cHUcWuNr",
        "defects": [
          "CSCws84279"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Smart Software Manager On-Prem Arbitrary Command Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2026-20160",
    "datePublished": "2026-04-01T16:29:22.741Z",
    "dateReserved": "2025-10-08T11:59:15.388Z",
    "dateUpdated": "2026-04-02T03:56:10.746Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CERTFR-2026-AVI-0388

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Cisco	Integrated Management Controller (IMC)	Cisco NFVIS versions antérieures à 4.18.3 sur Cisco Catalyst 8300 Series Edge uCPE
Cisco	Integrated Management Controller (IMC)	Cisco IMC versions antérieures à 4.3(2.260007) sur UCS C-Series M5 Rack Server
Cisco	Integrated Management Controller (IMC)	Cisco IMC versions antérieures à 3.2.17 sur UCS E-Series M3
Cisco	Integrated Management Controller (IMC)	Cisco IMC versions antérieures à 4.3(2.260007) (M5), 4.3(6.260017) (M6) et 6.0(1.250174) (M6) sur Secure Network Server Appliances
Cisco	Integrated Management Controller (IMC)	Cisco IMC versions 6.x antérieures à 6.0(1.250174) sur UCS C-Series M6 Rack Server
Cisco	Integrated Management Controller (IMC)	Cisco IMC versions antérieures à 4.3(2.260007) (M5) et 4.3(6.260017) (M6) sur Secure Endpoint Private Cloud Appliances
Cisco	Smart Software Manager On-Prem	Smart Software Manager On-Prem (SSM On-Prem) versions antérieures à 9-202601
Cisco	Integrated Management Controller (IMC)	Cisco IMC versions antérieures à 4.3(2.260007) (M5) et 4.3(6.260017) (M6) sur Secure Malware Analytics Appliances
Cisco	Integrated Management Controller (IMC)	Cisco IMC versions antérieures à 4.3(2.260007) (M5) et 4.3(6.260017) (M6) sur Secure Firewall Management Center Appliances
Cisco	Integrated Management Controller (IMC)	Cisco IMC versions antérieures à 4.3(6.260017) (M6) sur IEC6400 Edge Compute Appliances
Cisco	Integrated Management Controller (IMC)	Cisco IMC versions antérieures à 4.15.3 sur UCS E-Series M6
Cisco	Integrated Management Controller (IMC)	Cisco NFVIS versions antérieures à 4.15.5 sur Cisco 5000 Series ENCS
Cisco	Integrated Management Controller (IMC)	Cisco IMC versions antérieures à 6.0(1.250192) (M6) sur Cisco Telemetry Broker Appliances
Cisco	Integrated Management Controller (IMC)	Cisco IMC versions antérieures à 4.3(2.260007) (M5) et 6.0(1.250192) (M6) sur Secure Network Analytics Appliances
Cisco	Integrated Management Controller (IMC)	Cisco IMC versions antérieures à 4.3(6.260017) sur UCS C-Series M6 Rack Server
Cisco	Evolved Programmable Network Manager (EPNM)	Evolved Programmable Network Manager (EPNM) versions antérieures à 8.1.2

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-ssm-cli-execution-cHUcWuNr	2026-04-01	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-cimc-auth-bypass-AgG2BxTn	2026-04-01	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-cimc-cmd-inj-3hKN3bVt	2026-04-01	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-cssm-priv-esc-xRAnOuO8	2026-04-01	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-epnm-improp-auth-mUwFWUU3	2026-04-01	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco NFVIS versions ant\u00e9rieures \u00e0 4.18.3 sur Cisco Catalyst 8300 Series Edge uCPE",
      "product": {
        "name": "Integrated Management Controller (IMC)",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco IMC versions ant\u00e9rieures \u00e0 4.3(2.260007) sur UCS C-Series M5 Rack Server ",
      "product": {
        "name": "Integrated Management Controller (IMC)",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco IMC versions ant\u00e9rieures \u00e0 3.2.17 sur UCS E-Series M3",
      "product": {
        "name": "Integrated Management Controller (IMC)",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco IMC versions ant\u00e9rieures \u00e0 4.3(2.260007) (M5), 4.3(6.260017) (M6) et 6.0(1.250174) (M6) sur Secure Network Server Appliances",
      "product": {
        "name": "Integrated Management Controller (IMC)",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco IMC versions 6.x ant\u00e9rieures \u00e0 6.0(1.250174) sur UCS C-Series M6 Rack Server ",
      "product": {
        "name": "Integrated Management Controller (IMC)",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco IMC versions ant\u00e9rieures \u00e0 4.3(2.260007) (M5) et 4.3(6.260017) (M6) sur Secure Endpoint Private Cloud Appliances",
      "product": {
        "name": "Integrated Management Controller (IMC)",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Smart Software Manager On-Prem (SSM On-Prem) versions ant\u00e9rieures \u00e0 9-202601",
      "product": {
        "name": "Smart Software Manager On-Prem",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco IMC versions ant\u00e9rieures \u00e0 4.3(2.260007) (M5) et 4.3(6.260017) (M6) sur Secure Malware Analytics Appliances",
      "product": {
        "name": "Integrated Management Controller (IMC)",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco IMC versions ant\u00e9rieures \u00e0 4.3(2.260007) (M5) et 4.3(6.260017) (M6) sur Secure Firewall Management Center Appliances",
      "product": {
        "name": "Integrated Management Controller (IMC)",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco IMC versions ant\u00e9rieures \u00e0 4.3(6.260017) (M6) sur IEC6400 Edge Compute Appliances",
      "product": {
        "name": "Integrated Management Controller (IMC)",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco IMC versions ant\u00e9rieures \u00e0 4.15.3 sur UCS E-Series M6",
      "product": {
        "name": "Integrated Management Controller (IMC)",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco NFVIS versions ant\u00e9rieures \u00e0 4.15.5 sur Cisco 5000 Series ENCS",
      "product": {
        "name": "Integrated Management Controller (IMC)",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco IMC versions ant\u00e9rieures \u00e0 6.0(1.250192) (M6) sur Cisco Telemetry Broker Appliances",
      "product": {
        "name": "Integrated Management Controller (IMC)",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco IMC versions ant\u00e9rieures \u00e0 4.3(2.260007) (M5) et 6.0(1.250192) (M6) sur Secure Network Analytics Appliances",
      "product": {
        "name": "Integrated Management Controller (IMC)",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco IMC versions ant\u00e9rieures \u00e0 4.3(6.260017) sur UCS C-Series M6 Rack Server ",
      "product": {
        "name": "Integrated Management Controller (IMC)",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Evolved Programmable Network Manager (EPNM) versions ant\u00e9rieures \u00e0 8.1.2",
      "product": {
        "name": "Evolved Programmable Network Manager (EPNM)",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2026-20094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-20094"
    },
    {
      "name": "CVE-2026-20151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-20151"
    },
    {
      "name": "CVE-2026-20155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-20155"
    },
    {
      "name": "CVE-2026-20096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-20096"
    },
    {
      "name": "CVE-2026-20097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-20097"
    },
    {
      "name": "CVE-2026-20160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-20160"
    },
    {
      "name": "CVE-2026-20095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-20095"
    },
    {
      "name": "CVE-2026-20093",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-20093"
    }
  ],
  "initial_release_date": "2026-04-02T00:00:00",
  "last_revision_date": "2026-04-02T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0388",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-04-02T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": "2026-04-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ssm-cli-execution-cHUcWuNr",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssm-cli-execution-cHUcWuNr"
    },
    {
      "published_at": "2026-04-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-cimc-auth-bypass-AgG2BxTn",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-auth-bypass-AgG2BxTn"
    },
    {
      "published_at": "2026-04-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-cimc-cmd-inj-3hKN3bVt",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-3hKN3bVt"
    },
    {
      "published_at": "2026-04-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-cssm-priv-esc-xRAnOuO8",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-xRAnOuO8"
    },
    {
      "published_at": "2026-04-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-epnm-improp-auth-mUwFWUU3",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnm-improp-auth-mUwFWUU3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2026-20160 (GCVE-0-2026-20160)

Vulnerability from cvelistv5

CERTFR-2026-AVI-0388

Vulnerability from certfr_avis

Solutions

Tags

Sightings

Nomenclature