Summary
Cisco patched a critical unauthenticated remote code execution vulnerability (CVE-2026-20160) in its Smart Software Manager On-Prem platform that allows attackers to gain root access. The flaw is caused by an exposed internal API and requires no user interaction to exploit.
Take Action:
Treat this Cisco SSM update as an emergency priority: the flaw allows full root access without a password and has no available workarounds. First, make sure the SSM is isolated from the internet and accessible only from trusted networks. Even with that isolation in place, patch ASAP. Since license managers often have broad network reach, a compromise here gives attackers an ideal platform for lateral movement across your entire infrastructure.
This article was originally published on BeyondMachines