CVE-2026-20151

Name of the Vulnerable Software and Affected Versions Cisco Smart Software Manager On-Prem (SSM On-Prem) (affected versions not specified)

Description A flaw exists in the web interface of Cisco Smart Software Manager On-Prem that could allow a remote attacker with valid credentials to elevate privileges. The issue stems from the improper transmission of sensitive user information. An attacker could exploit this by sending a crafted message to the system and retrieving session credentials from status messages, potentially gaining administrative privileges. The attacker must have valid credentials for a user account with at least the role of System User to exploit this. This vulnerability affects users who log in via the web interface and are currently logged in; SSH sessions are not impacted.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.