CVE-2026-20151 - Vulnerability Details

- Cisco Smart Software Manager On-Prem Privilege Escalation Vulnerability

Description

A vulnerability in the web interface of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges on an affected system.

This vulnerability is due to the improper transmission of sensitive user information. An attacker could exploit this vulnerability by sending a crafted message to an affected Cisco SSM On-Prem host and retrieving session credentials from subsequent status messages. A successful exploit could allow the attacker to elevate privileges on the affected system from low to administrative.
To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of System User.
Note: This vulnerability exposes information only about users who logged in to the Cisco SSM On-Prem host using the web interface and who are currently logged in. SSH sessions are not affected.

Published: 2026-04-01

Score: 7.3 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A flaw in the web interface of Cisco Smart Software Manager On‑Prem lets an authenticated remote attacker send a crafted request that causes the system to disclose session credentials. With those credentials the attacker can raise their privileges from a standard System User to full administrative rights, enabling complete control of the host and all managed devices.

Affected Systems

The vulnerability is present in Cisco Smart Software Manager On‑Prem. All installations of this product that have not applied the vendor’s security update are affected. Specific version ranges are not listed in the advisory, so any exposed instance remains vulnerable until patched.

Risk and Exploitability

The CVSS base score of 7.3 classifies this as high severity. Exploitability requires a valid user account with at least System User rights, which are typically granted to monitored users. The attack vector is remote over the web interface, and the vulnerability is not currently listed in CISA’s KEV catalog, indicating no documented large‑scale exploitation yet. Nevertheless, the ability to gain administrative rights warrants prompt action.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Cisco

Cisco Smart Software Manager On-Prem

unknown

Version	Status	Constraints
`7-202001`	affected	—
`8-202004`	affected	—
`8-202006`	affected	—
`8-202012`	affected	—
`8-202010`	affected	—
`8-202008`	affected	—
`9-202201`	affected	—
`8-202102`	affected	—
`8-202105`	affected	—
`8-202108`	affected	—
`8-202112`	affected	—
`8-202201`	affected	—
`8-202206`	affected	—
`8-202212`	affected	—
`8-202302`	affected	—
`8-202303`	affected	—
`8-202304`	affected	—
`8-202308`	affected	—
`8-202401`	affected	—
`8-202404`	affected	—
`9-202406`	affected	—
`9-202407`	affected	—
`9-202410`	affected	—
`9-202412`	affected	—
`9-202501`	affected	—
`9-202502`	affected	—
`9-202504`	affected	—
`9-202507`	affected	—
`9-202510`	affected	—

No data.

Vendor Product Confidence Versions

Cisco

Smart Software Manager On-prem

92%

Version	Status	Scheme	Platform
`7-202001`	affected	generic	—
`8-202004`	affected	generic	—
`8-202006`	affected	generic	—
`8-202012`	affected	generic	—
`8-202010`	affected	generic	—
`8-202008`	affected	generic	—
`9-202201`	affected	generic	—
`8-202102`	affected	generic	—
`8-202105`	affected	generic	—
`8-202108`	affected	generic	—
`8-202112`	affected	generic	—
`8-202201`	affected	generic	—
`8-202206`	affected	generic	—
`8-202212`	affected	generic	—
`8-202302`	affected	generic	—
`8-202303`	affected	generic	—
`8-202304`	affected	generic	—
`8-202308`	affected	generic	—
`8-202401`	affected	generic	—
`8-202404`	affected	generic	—
`9-202406`	affected	generic	—
`9-202407`	affected	generic	—
`9-202410`	affected	generic	—
`9-202412`	affected	generic	—
`9-202501`	affected	generic	—
`9-202502`	affected	generic	—
`9-202504`	affected	generic	—
`9-202507`	affected	generic	—
`9-202510`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the Cisco Smart Software Manager On‑Prem update that resolves the privilege escalation issue.
Verify that the update has been deployed on all affected hosts.
Revoke or limit the use of the System User role for accounts that do not require remote web interface access.
Restrict network access to the SSM On‑Prem web interface to trusted hosts or subnets.
Monitor system logs for unusual privilege escalation activity after patching.

Generated by OpenCVE AI on April 2, 2026 at 02:43 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00046.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-xRAnOuO8

History

Fri, 03 Apr 2026 10:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Cisco Cisco smart Software Manager On-prem
Vendors & Products		Cisco Cisco smart Software Manager On-prem

Wed, 01 Apr 2026 23:45:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability in the web interface of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges on an affected system. This vulnerability is due to the improper transmission of sensitive user information. An attacker could exploit this vulnerability by sending a crafted message to an affected Cisco SSM On-Prem host and retrieving session credentials from subsequent status messages. A successful exploit could allow the attacker to elevate privileges on the affected system from low to administrative. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of System User. Note: This vulnerability exposes information only about users who logged in to the Cisco SSM On-Prem host using the web interface and who are currently logged in. SSH sessions are not affected.
Title		Cisco Smart Software Manager On-Prem Privilege Escalation Vulnerability
Weaknesses		CWE-201
References		https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-xRAnOuO8
Metrics		cvssV3_1 `{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Subscriptions

Cisco Smart Software Manager On-prem

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2026-04-01T16:29:13.496Z

Updated: 2026-04-02T03:56:09.678Z

Reserved: 2025-10-08T11:59:15.385Z

Link: CVE-2026-20151

Vulnrichment

Updated: 2026-04-01T18:10:33.307Z

NVD

Status : Awaiting Analysis

Published: 2026-04-01T17:28:31.097

Modified: 2026-04-03T16:11:11.357

Link: CVE-2026-20151

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-03T08:58:28Z

Weaknesses

CWE-201

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction Required

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object