Initiatives for
As the national authority for Cybersecurity the CCB has developed several initiatives for specific publics which are presented here.
Warning: Remote Code Execution vulnerabilities in multiple Cisco products, Patch Immediately!
Image
Published : 02/04/2026
- Last update:
- Affected software:
→ Cisco Smart Software Manager On-Prem between 9-202502 and 9-202510
→ Cisco Unified Computing System (Standalone)
5000 Series ENCS: Cisco NFVIS 4.15 and earlier
Catalyst 8300 Series Edge uCPE: Cisco NFVIS 4.16 and earlier, and 4.18
UCS C-Series M5 Rack Server: Cisco IMC 4.2 and earlier
UCS C-Series M6 Rack Server: Cisco IMC 4.2 and earlier, 4.3, and 6.0
UCS E-Series M3: Cisco IMC 3.2 and earlier
UCS E-Series M6: Cisco IMC 4.15 and earlier
UCS S-Series Storage Server: Cisco IMC 4.2 and earlier and 4.3
→ Cisco Evolved Programmable Network Manager (EPNM): < 8.0 and 8.1- Type: Remote Code Execution, Command Injection, Missing Authorization
- CVE/CVSS
→ CVE-2026-20160: CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
→ CVE-2026-20094: CVSS 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
→ CVE-2026-20095: CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N)
→ CVE-2026-20096: CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N)
→ CVE-2026-20097: CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N)
→ CVE-2026-20155: CVSS 8.0 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
Sources
Cisco - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssm-cli-execution-cHUcWuNr
Cisco - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-3hKN3bVt
Cisco - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnm-improp-auth-mUwFWUU3
Risks
Newly discovered vulnerabilities in different Cisco products allow attackers to execute unauthorized code, potentially exposing sensitive company data and disrupting operations. With the highest score in Cisco Smart Software Manager On-Prem, to a Command Injection in Cisco Unified Computing System (Standalone), to a Missing Authorization in Cisco Evolved Programmable Network Manager (EPNM).
Cisco Smart Software Manager On-Prem is Cisco’s on-prem license server for Smart Licensing, used to manage Cisco product licenses locally.
Cisco Unified Computing System (Standalone) is Cisco’s integrated compute platform for servers, networking, and unified management, including standalone rack servers managed through Cisco IMC.
Cisco Evolved Programmable Network Manager (EPNM) is Cisco’s all-in-one network management platform for carrier-grade packet and optical networks, with lifecycle management, provisioning, assurance, and monitoring.
If exploited this could lead to data breaches, system compromise, and operational downtime impacting confidentiality, integrity, and availability of critical businesses.
Description
A critical security vulnerability, CVE-2026-20160, has been identified in Cisco Smart Software Manager On-Prem, and Cisco classifies it as an arbitrary command execution issue with a CVSS score of 9.8 and no available workaround. According to Cisco’s fixed-release information, versions 9-202502 through 9-202510 are affected, versions earlier than 9-202502 are not vulnerable, and 9-202601 is the first fixed release.
Multiple high-severity vulnerabilities, CVE-2026-20094 through CVE-2026-20097, affect the web-based management interface of Cisco IMC across standalone UCS systems, ENCS platforms, Catalyst 8300 Series Edge uCPE, and related appliances, and Cisco rates the advisory at CVSS 8.8 with no available workaround. CVE-2026-20094 can be exploited by an authenticated remote attacker with read-only privileges to perform command injection, while CVE-2026-20095 and CVE-2026-20096 require admin-level privileges for command injection and CVE-2026-20097 can lead to arbitrary code execution as the root user.
A high-severity vulnerability, CVE-2026-20155, has been identified in Cisco Evolved Programmable Network Manager (EPNM), where improper authorization checks on a REST API endpoint can allow an authenticated remote attacker with low privileges to access sensitive information they are not authorized to view. A successful exploit can expose active user session information, including administrator sessions. Cisco’s fixed-software table shows that 8.1 and earlier are affected, with 8.1.2 as the first fixed release for 8.1 and 8.0 and earlier requiring migration to a fixed release.
Recommended Actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.
Please refer to Cisco advisories in the Source section for all the details related to all the affected versions and the fixed versions.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.
While patching appliances or software to the newest version may protect against future exploitation, it does not remediate historic compromise.