Horizon Alert
Summary of the vulnerability and why it matters
A vulnerability has been identified in Cisco Smart Software Manager On-Prem, a system used for managing software licenses. This issue could potentially allow an unauthenticated remote attacker to execute commands on the host system with full administrative privileges by sending a specially crafted request. The main concern is to determine if your organization uses this specific Cisco product and if it is accessible externally.
- Unauthenticated attackers can run commands on Cisco systems.
- This could grant unauthorized access to core systems.
- Confirm if this Cisco product is in use.
Attack Path
How an attacker could exploit the issue
An unauthenticated, remote attacker can exploit this vulnerability by sending a specially crafted request to an unintentionally exposed internal service within Cisco Smart Software Manager On-Prem. This allows them to execute arbitrary commands on the host system with root privileges.
- Attacker starts from the network.
- Vulnerable internal service API.
- System compromise with root privileges.
Live Threat
Current exploitation, exposure, and threat context
An unauthenticated, remote attacker could execute arbitrary commands with root-level privileges on the underlying operating system of an affected Cisco Smart Software Manager On-Prem host by sending a crafted request to an unintentionally exposed internal service.
- Underlying operating system commands.
- Crafted API request to exposed service.
- System compromise with root access.
Operational Fix
Recommended remediation, mitigation, and detection steps
This critical vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) requires immediate attention from teams managing IT infrastructure and licensing. The primary first step is to identify all SSM On-Prem instances, confirm their network exposure and business criticality, and locate the designated owner for each. Once identified and prioritized, a remediation plan should be developed, potentially involving coordination with the vendor.
- Identify and confirm affected assets.
- Verify network exposure and criticality.
- Plan and execute remediation actions.