Urgent Cisco Security Alert: Patch IOS Devices Now


Key points

  • A vulnerability in Cisco Systems IOS and IOS XE software can cause a stack overflow condition in the software’s Simple Network Management Protocol (SNMP) subsystem, allowing attackers to execute arbitrary code or cause a denial of service (DoS) condition.
  • The vulnerability, CVE-2025-20352, affects all versions of SNMP on unpatched devices running Cisco’s IOS and IOS XE software, and can be exploited by a low-privileged authenticated attacker (DoS) or a high-privileged attacker (code execution).
  • Cisco has released software updates to fix the bug. Admins who can’t immediately patch can mitigate the issue by allowing only trusted users to have SNMP access on an affected system and by monitoring affected systems with the show snmp host command.

According to sources, network admins should quickly patch a vulnerability in Cisco Systems IOS and IOS XE software to remove a stack overflow condition in the software’s Simple Network Management Protocol (SNMP) subsystem. The vulnerability, CVE-2025-20352, can allow a low-privileged authenticated attacker to cause a denial of service (DoS) condition by sending a crafted SNMP packet to an affected device. A high-privileged attacker can go further and execute arbitrary code as the root user, obtaining full control of the affected system.

Experts warn that attackers will likely have proofs of concept (PoCs) of an exploit within hours, thanks to AI tools. David Shipley, head of Canadian security awareness firm Beauceron Security, says that he "wouldn’t delay patching" because of the risk of attacks. The vulnerability has a high CVSS score of 7.7, which indicates a significant risk.

To exploit the vulnerability, an attacker must have the SNMPv2c or earlier read-only community string or valid SNMPv3 user credentials. Additionally, to execute code as the root user, the attacker must have administrative or privilege 15 credentials on the affected device. Ed Dubrovsky, chief operating officer of US-based incident response firm Cypfer, notes that a successful attacker would need to be authenticated, which adds an extra layer of complexity to the attack.

The Cisco Product Security Incident Response Team (PSIRT) became aware of successful exploitation of this vulnerability in the wild after local Administrator credentials were compromised. The team has released software updates to fix the bug. Admins who can’t immediately patch can mitigate the issue by allowing only trusted users to have SNMP access on an affected system and by monitoring affected systems with the show snmp host command.

It’s worth noting that Meraki MS390 and Cisco Catalyst 9300 Series Switches running Meraki CS 17 and earlier are also affected, while Cisco devices running IOS XR or NX-OS software are not. The flaw is fixed in Cisco IOS XE Software Release 17.15.4a. As the vulnerability can be exploited by an insider who has the necessary credentials, it’s essential for organizations to have multi-level authentication for both SNMP and devices to reduce the risk of exploitation.
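The two interim mitigations above (restrict SNMP access to trusted users, and watch the output of show snmp host) are easy to state but tedious to verify across a fleet by hand. The following Python script is an added example, not code from Cisco or from the original article: it audits a saved copy of a device’s running configuration and its show snmp host output, flagging SNMPv1/v2c community strings with no access-list bound to them (the read-only community string is exactly the credential the DoS path requires), SNMPv3 groups below authPriv, and notification hosts that are not on a trusted NMS allowlist. The sample configuration, the show snmp host text and the allowlist are constructed for the example; the output format is modelled on IOS but a real device’s output should be checked against the regular expressions before relying on the results.

```python
"""Audit Cisco IOS/IOS XE SNMP exposure from saved CLI output (added example).

Input is text you have already collected from the device (for example via
'show running-config | include snmp-server' and 'show snmp host'); the script
never talks to the device itself.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# --- Constructed sample data; not taken from any real device ---------------
SAMPLE_RUNNING_CONFIG = """\
snmp-server community public RO
snmp-server community netops-ro RO 10
snmp-server group MONITOR v3 priv
snmp-server group LEGACY v3 auth
"""

SAMPLE_SHOW_SNMP_HOST = """\
Notification host: 10.1.1.20     udp-port: 162   type: trap
user: public     security model: v2c

Notification host: 10.1.1.21     udp-port: 162   type: trap
user: nms        security model: v3 priv

Notification host: 198.51.100.7  udp-port: 162   type: trap
user: public     security model: v2c
"""

# Hosts that are allowed to receive SNMP notifications (assumed allowlist).
TRUSTED_NMS = {"10.1.1.20", "10.1.1.21"}


@dataclass
class Finding:
    severity: str  # "high" or "medium"
    detail: str


def audit_running_config(cfg: str) -> list[Finding]:
    """Flag v1/v2c communities without an ACL and v3 groups below authPriv."""
    findings: list[Finding] = []
    for line in cfg.splitlines():
        m = re.match(r"snmp-server community (\S+) (RO|RW)(?: (\S+))?", line)
        if m:
            name, mode, acl = m.groups()
            if acl is None:
                findings.append(Finding("high", f"community '{name}' ({mode}) has no access-list; any reachable host may query"))
            if name in ("public", "private"):
                findings.append(Finding("high", f"community '{name}' is a well-known default string"))
            continue
        m = re.match(r"snmp-server group (\S+) v3 (noauth|auth|priv)", line)
        if m:
            group, level = m.groups()
            if level != "priv":
                findings.append(Finding("medium", f"SNMPv3 group '{group}' uses security level '{level}', not authPriv"))
    return findings


def parse_show_snmp_host(output: str) -> list[dict]:
    """Parse 'show snmp host' into one dict per notification target."""
    hosts: list[dict] = []
    current: dict | None = None
    for line in output.splitlines():
        m = re.match(r"Notification host:\s*(\S+)\s+udp-port:\s*(\d+)\s+type:\s*(\S+)", line)
        if m:
            current = {"host": m.group(1), "port": int(m.group(2)), "type": m.group(3)}
            hosts.append(current)
            continue
        m = re.match(r"user:\s*(\S+)\s+security model:\s*(\S+)(?:\s+(\S+))?", line)
        if m and current is not None:
            current["user"], current["model"], current["level"] = m.groups()
    return hosts


def audit_snmp_hosts(hosts: list[dict], trusted: set[str]) -> list[Finding]:
    """Flag targets outside the allowlist and targets still using v1/v2c."""
    findings: list[Finding] = []
    for h in hosts:
        if h["host"] not in trusted:
            findings.append(Finding("high", f"notification host {h['host']} is not on the trusted NMS allowlist"))
        if h.get("model") in ("v1", "v2c"):
            findings.append(Finding("medium", f"host {h['host']} uses {h['model']} with community '{h['user']}'"))
    return findings


def run_audit(cfg: str, show_host: str, trusted: set[str]) -> list[Finding]:
    """Combine both checks; returns all findings, highest severity first."""
    findings = audit_running_config(cfg) + audit_snmp_hosts(parse_show_snmp_host(show_host), trusted)
    return sorted(findings, key=lambda f: f.severity != "high")


if __name__ == "__main__":
    for f in run_audit(SAMPLE_RUNNING_CONFIG, SAMPLE_SHOW_SNMP_HOST, TRUSTED_NMS):
        print(f"[{f.severity.upper():6}] {f.detail}")
```

On the sample data the script reports six findings: the default public community with no ACL (two findings), the LEGACY v3 group at auth rather than priv, the v2c targets, and the unknown host 198.51.100.7. The corresponding hardening on the device is the part the script cannot do for you: bind every remaining community string to a standard access-list naming only the management stations, move collectors to SNMPv3 authPriv, and remove notification targets you do not recognise. Run the audit again after patching to confirm nothing was left behind.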

Overall, the vulnerability poses a significant risk to organizations, and patching as soon as possible is the priority. Microsoft and Azure users who rely on Cisco devices should be aware of it and take the necessary steps to mitigate the risk. Patching, combined with the additional access controls described above, reduces the likelihood of exploitation. The Cisco advisory provides more detail on the vulnerability and the mitigation steps, and admins should review it carefully.
