Redazione RHC : 25 September 2025 07:31
Cisco has disclosed a zero-day vulnerability, tracked as CVE-2025-20352, in its widely used IOS and IOS XE software; it appears to be actively exploited. The vulnerability was initially identified through an investigation into a support case at the Cisco Technical Assistance Center (TAC).
The flaw was found in the Simple Network Management Protocol (SNMP) subsystem and could allow a remote attacker to achieve remote code execution (RCE) or cause a denial of service (DoS) condition on vulnerable devices.
The vulnerability is caused by a stack overflow condition (CWE-121). An attacker can trigger this flaw by sending a spoofed SNMP packet over an IPv4 or IPv6 network to an affected device.
The advisory, published on September 24, 2025, confirms that all versions of SNMP (v1, v2c, and v3) are vulnerable.
Cisco confirmed that its Product Security Incident Response Team (PSIRT) found this vulnerability successfully exploited in a live environment. The attackers exploited the flaw after compromising local administrator credentials.
Once again, this underscores the importance of effective credential management and patching. A wide range of Cisco devices, including Meraki MS390 switches and Cisco Catalyst 9300 Series switches, are vulnerable when they run vulnerable versions of IOS and IOS XE software with SNMP enabled.
Any device with SNMP enabled is considered vulnerable unless specific configurations have been implemented to block malicious traffic. Administrators can use the show running-config command to determine if SNMP is enabled on their systems.
Cisco has released software updates to address this vulnerability and strongly recommends all customers upgrade to a patched software release to fully address the issue. The advisory, identified as cisco-sa-snmp-x4LPhte, clarifies that no workarounds are available.
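To run the show running-config check over saved configurations, the following added example (not from Cisco's advisory or the original article) parses running-config text and lists every SNMP community or group entry together with any ACL attached to it. The sample configuration and the function names are constructed for illustration; because no workarounds exist, the output serves to prioritize upgrades, not to clear a device.

```python
# Constructed excerpt of `show running-config` output (not from a real device).
SAMPLE_CONFIG = """\
hostname edge-sw01
ip access-list standard SNMP-MGMT
 permit 192.0.2.10
snmp-server community s3cr3t-ro RO SNMP-MGMT
snmp-server community legacy-rw view ALL RW
snmp-server group NMS v3 priv read ALL access SNMP-MGMT
snmp-server host 192.0.2.10 version 2c s3cr3t-ro
end
"""

def parse_acls(opts):
    """ACLs in the option tail: [view <name>] [RO|RW] [ipv6 <acl>] [<acl>]"""
    acls, i = [], 0
    while i < len(opts):
        word = opts[i].lower()
        if word == "view":            # a view name follows; it is not an ACL
            i += 2
        elif word in ("ro", "rw"):
            i += 1
        elif word == "ipv6":          # a named IPv6 ACL follows
            acls += ["ipv6:" + name for name in opts[i + 1:i + 2]]
            i += 2
        else:                         # any remaining token is the IPv4 ACL
            acls.append(opts[i])
            i += 1
    return acls

def audit_snmp(config_text):
    """List SNMP access entries in a running-config; an empty list means none found."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        tok = raw.split()
        if tok[:2] == ["snmp-server", "community"] and len(tok) >= 3:
            # The community string (tok[2]) is a secret, so it is never copied out.
            findings.append({"line": lineno, "version": "v1/v2c",
                             "acls": parse_acls(tok[3:])})
        elif tok[:2] == ["snmp-server", "group"] and len(tok) >= 4:
            # v3 users are not stored in running-config; groups are the visible marker.
            opts = tok[4:]
            tail = opts[opts.index("access") + 1:] if "access" in opts else []
            findings.append({"line": lineno, "version": tok[3],
                             "acls": parse_acls(tail)})
    return findings

if __name__ == "__main__":
    for f in audit_snmp(SAMPLE_CONFIG):
        state = "restricted by " + ",".join(f["acls"]) if f["acls"] else "NO ACL"
        print(f"line {f['line']}: SNMP {f['version']} enabled, {state}")
```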