Full Report
Multiple vulnerabilities have been discovered in Cisco products, the most severe of which could allow for arbitrary code execution. Cisco Smart Software Manager On‑Prem is a centralized Cisco tool used by organizations to manage software licenses, entitlements, and compliance for Cisco products within their own network environment.Cisco Integrated Management Controller (IMC) is embedded server management software that allows administrators to remotely monitor, configure, and control Cisco servers without needing an operating system installed.Cisco Evolved Programmable Network Manager (EPNM) is a network management platform used to provision, monitor, and automate large‑scale Cisco network infrastructures.Cisco Nexus Dashboard is a centralized management and operations platform that provides visibility, policy management, and analytics across Cisco Nexus data center networks.Cisco Nexus Dashboard Insights is an analytics and assurance application that runs on Nexus Dashboard to detect configuration issues, performance problems, and network anomalies in data center environments.Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution, which may lead to the complete compromise of the affected device.
Analysis Summary
# Vulnerability: Multiple Vulnerabilities in Cisco Products
## CVE Details
- **CVE IDs:**
- **Smart Software Manager:** CVE-2026-20160, CVE-2026-20151
- **Nexus Dashboard Fabric Controller:** CVE-2024-20432 (Command Injection)
- **Integrated Management Controller (IMC):** CVE-2026-20093, CVE-2026-20094, CVE-2026-20095, CVE-2026-20085, CVE-2026-20087
- **Evolved Programmable Network Manager (EPNM):** CVE-2026-20155
- **Nexus Dashboard Insights:** CVE-2026-20174, CVE-2026-20041
- **Nexus Dashboard:** CVE-2026-20041, CVE-2026-20042
- **CVSS Score:** Not explicitly listed for each, but categorized as **Critical/High** severity.
- **CWE:** Included but not limited to CWE-77 (Command Injection), CWE-79 (XSS), and SSRF.
## Affected Systems
- **Products & Versions:**
- **Cisco SSM On-Prem:** Prior to 9-202601
- **Cisco IMC:**
- UCS C-Series M5: Prior to 4.3(2.260007)
- UCS C-Series M6: Prior to 4.3(6.260017) and 6.0(1.250174)
- UCS E-Series M3: Prior to 3.2.17; M6: Prior to 4.15.3
- Specialty Appliances (Telemetry Broker, IEC6400, Secure Endpoint, Secure Network Analytics/Server) using IMC M5/M6 versions.
- **Cisco NFVIS:** 4.15.5 (ENCS 500) and 4.18.3 (Catalyst 8300 uCPE)
- **EPNM:** Prior to 8.1.2
- **Nexus Dashboard:** 3.1, 3.2, 4.1, 4.2
- **Nexus Dashboard Insights:** 6.5 and earlier
- **Nexus Dashboard Fabric Controller:** Prior to 12.2.2
## Vulnerability Description
This advisory covers a cluster of flaws across Cisco's management and infrastructure portfolio. The most severe issues involve **Command Injection** and **Arbitrary Code Execution (ACE)**. These flaws typically stem from improper validation of user-supplied input in web-based management interfaces or API endpoints. This allows an attacker to inject system-level commands that the underlying operating system executes with high privileges.
## Exploitation
- **Status:** Not currently known to be exploited in the wild.
- **Complexity:** Low to Medium.
- **Attack Vector:** Network (Remote).
## Impact
- **Confidentiality:** High (Full access to data and configurations).
- **Integrity:** High (Ability to modify system settings and software).
- **Availability:** High (Potential for complete device takeover or bricking).
## Remediation
### Patches
Cisco has released updates to address these vulnerabilities. Administrators should upgrade to:
- **SSM On-Prem:** 9-202601 or later.
- **IMC:** 4.3(2.260007) (M5) / 4.3(6.260017) or 6.0(1.250174) (M6).
- **EPNM:** 8.1.2 or later.
- **Fabric Controller:** 12.2.2 relative to specific release tracks.
### Workarounds
- **Network Segmentation:** Isolate management interfaces (IMC, Nexus Dashboard) on a dedicated, restricted management VLAN.
- **Access Control Lists (ACLs):** Restrict access to affected management ports to only known-trusted administrative IP addresses.
- **Disable Unnecessary Services:** Disable management features that are not actively in use.
## Detection
- **Indicators of Compromise:** Unusual administrative log entries, unauthorized creation of local accounts, or unexpected outbound traffic from management interfaces.
- **Methods:** Monitor for signs of directory traversal or shell command syntax (e.g., `;`, `&`, `|`) in web server access logs for the management consoles.
## References
- Cisco Security Advisory (Nexus SSRF): hxxps://sec[.]cloudapps[.]cisco[.]com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nd-ssrf-NAen4O7r
- Cisco Security Advisory (Nexus CBID): hxxps://sec[.]cloudapps[.]cisco[.]com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nd-cbid-5YqkOSHu
- Cisco Security Advisory (IMC XSS): hxxps://sec[.]cloudapps[.]cisco[.]com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-xss-A2tkgVAB
- Cisco Security Advisory (NDFC Cmd Inj): hxxps://sec[.]cloudapps[.]cisco[.]com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-cmdinj-UvYZrKfr