CVE-2026-20151

CWE-2013 documents, 3 sources
Severity: 7.3 HIGH
EPSS: 0.0% (top 86.79%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 1

Description

A vulnerability in the web interface of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges on an affected system. This vulnerability is due to the improper transmission of sensitive user information. An attacker could exploit this vulnerability by sending a crafted message to an affected Cisco SSM On-Prem host and retrieving session credentials from subsequent status messages. A successful exploit could allow the attacker to el

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Exploitability: 2.1 | Impact: 5.2

Affected Packages: 1 package

Vulnerability Details (2)

CVEList: Cisco Smart Software Manager On-Prem Privilege Escalation Vulnerability (2026-04-01)
GHSA: GHSA-753x-3fmj-hv4q: A vulnerability in the web interface of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate pr (2026-04-01)