CVE-2026-20160

Cisco · Smart Software Manager On-Prem (SSM On-Prem)

The exposure of an internal service in Cisco SSM On-Prem allows unauthenticated remote attackers to execute arbitrary commands with root privileges via crafted API requests.

Executive summary

Cisco Smart Software Manager On-Prem is vulnerable to unauthenticated remote code execution with root privileges due to the unintentional exposure of an internal service API.

Vulnerability

This flaw is caused by the exposure of an internal service's API. An unauthenticated remote attacker can send crafted requests to this API to execute arbitrary commands on the host operating system with root-level privileges.

Business impact

The CVSS score of 9.8 reflects the critical nature of this RCE vulnerability. Root-level access allows an attacker to completely take over the SSM On-Prem host, steal licensing data, and use the system as a pivot point for further network attacks.

Remediation

Immediate Action: Update Cisco SSM On-Prem to the latest available version to close the exposed service and secure the API.

Proactive Monitoring: Review system logs for unauthorized command execution and inspect network traffic for unusual API calls directed at internal-only service ports.

Compensating Controls: Implement strict firewall rules to ensure that only authorized administrative IPs can access the SSM On-Prem management and API ports.
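The monitoring and compensating-control steps above both reduce to one question: is anything outside the management segment reaching the internal-only API? The script below is an added example written for this page, not Cisco code and not derived from SSM On-Prem's actual log format or API paths. It assumes a placeholder admin network (10.10.0.0/24), a placeholder internal API path prefix (/internal-api/), and constructed access-log lines in a generic combined-log shape; substitute your own allowlist, the real path prefixes or ports, and your own log source.

```python
import ipaddress
import re
from dataclasses import dataclass

# Assumptions, not values from the advisory: the administrative allowlist and the
# internal API path prefix are placeholders for your environment.
ADMIN_NETWORKS = [ipaddress.ip_network("10.10.0.0/24")]  # placeholder management segment
INTERNAL_API_PREFIXES = ("/internal-api/",)              # placeholder internal-only prefix

# Constructed sample log lines (generic combined-log shape, not real SSM On-Prem output).
SAMPLE_LOG = """\
10.10.0.5 - - [01/Jan/2026:10:00:01 +0000] "GET /internal-api/status HTTP/1.1" 200 512
203.0.113.7 - - [01/Jan/2026:10:00:02 +0000] "POST /internal-api/run HTTP/1.1" 200 128
10.10.0.5 - - [01/Jan/2026:10:00:03 +0000] "GET /ui/login HTTP/1.1" 200 2048
198.51.100.9 - - [01/Jan/2026:10:00:04 +0000] "POST /internal-api/run HTTP/1.1" 401 0
not a log line at all
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)$'
)


@dataclass(frozen=True)
class Finding:
    ip: str
    method: str
    path: str
    status: int


def parse_line(line):
    """Return a dict of fields for a well-formed line, or None for lines that do not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def is_admin_ip(ip):
    """True if the source address falls inside an allowlisted management network."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # unparsable address is never treated as trusted
    return any(addr in net for net in ADMIN_NETWORKS)


def find_suspicious(log_text):
    """Flag requests to internal-only API paths that come from outside the admin allowlist.

    Requests are flagged regardless of HTTP status: a 401 from an untrusted source
    still shows the service is reachable from where it should not be.
    """
    findings = []
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields is None:
            continue  # skip malformed lines rather than crash the review
        if not fields["path"].startswith(INTERNAL_API_PREFIXES):
            continue
        if is_admin_ip(fields["ip"]):
            continue
        findings.append(Finding(fields["ip"], fields["method"], fields["path"], int(fields["status"])))
    return findings


def summarize(findings):
    """Count flagged requests per source address, for triage or a firewall-review ticket."""
    counts = {}
    for f in findings:
        counts[f.ip] = counts.get(f.ip, 0) + 1
    return counts


if __name__ == "__main__":
    hits = find_suspicious(SAMPLE_LOG)
    for f in hits:
        print(f"untrusted source {f.ip} -> {f.method} {f.path} ({f.status})")
    print("per-source counts:", summarize(hits))
```

Any non-empty result means the compensating firewall rule is not doing its job, independently of whether the request succeeded; the allowlist check deliberately treats a 401 from an outside address as a finding, because reachability is the exposure the advisory describes.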

Exploitation status

Public Exploit Available: No

Analyst recommendation

Applying the Cisco-provided patch is essential to prevent total system compromise. Organizations should also audit their network architecture to ensure that internal services are not reachable from outside the intended management segment.