Cisco SSM On-Prem vulnerabilities: Find impacted assets

## Executive Summary Cisco disclosed two vulnerabilities in Smart Software Manager On-Prem: CVE-2026-20160, a critical (CVSS 9.8) remote unauthenticated command execution stemming from an exposed internal service that can yield root access, and CVE-2026-20151, a high (CVSS 7.3) web-interface privilege escalation allowing a System User to obtain administrative session credentials. Affected versions include 9-202502 through 9-202510 (for CVE-20160) and 9-202510 and earlier (for CVE-20151); Cisco advises upgrading to 9-202601 or later and provides a runZero query to find potentially impacted hosts.