
"Cisco said Wednesday that the vulnerability, tracked as CVE-2025-20352, was present in all supported versions of Cisco IOS and Cisco IOS XE, the operating system that powers a wide variety of the company's networking devices. The vulnerability can be exploited by low-privileged users to create a denial-of-service attack or by higher-privileged users to execute code that runs with unfettered root privileges. It carries a severity rating of 7.7 out of a possible 10."
""The Cisco Product Security Incident Response Team (PSIRT) became aware of successful exploitation of this vulnerability in the wild after local Administrator credentials were compromised," Wednesday's advisory stated. "Cisco strongly recommends that customers upgrade to a fixed software release to remediate this vulnerability." The vulnerability is the result of a stack overflow bug in the IOS component that handles SNMP (simple network management protocol), which routers and other devices use to collect and handle information about devices inside a network."
CVE-2025-20352 is a stack overflow bug in the SNMP handling component of Cisco IOS and IOS XE and affects all supported releases. Crafted SNMP packets can trigger the vulnerability to crash devices or enable remote code execution. Low-privileged actors can cause denial-of-service conditions, while higher-privileged actors with a read-only SNMP community string and system privileges can run code as root. Read-only community strings frequently ship with devices or remain widely known within organizations. Successful exploitation was observed after local Administrator credentials were compromised. The vulnerability has a severity rating of 7.7 and requires upgrading to fixed releases.
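Because exploitation needs SNMP reachability plus a community string, reducing who can reach the SNMP handler shrinks the exposure while the fixed release is rolled out. The Cisco IOS configuration below is an added illustration, not from the article or from Cisco's advisory; it assumes a single management station at 192.0.2.10 and uses placeholders for the community and SNMPv3 credentials.

```cisco
! Constructed example (not from the article or Cisco): a commonly seen
! exposed SNMP configuration, followed by a hardened replacement.
! Restricting SNMP does not fix the bug; upgrading to a fixed release does.
!
! --- Weak: a well-known read-only community reachable from any source ---
snmp-server community public RO
!
! --- Hardened ---
! 1. Only the management station may send SNMP to the device.
ip access-list standard SNMP-MGMT
 permit 192.0.2.10
 deny   any log
!
! 2. If SNMPv1/v2c is still required, remove the default string and bind
!    a unique community to the ACL (placeholder shown).
no snmp-server community public
snmp-server community <replace-with-unique-string> RO SNMP-MGMT
!
! 3. Prefer SNMPv3 with authentication and privacy, also bound to the ACL.
snmp-server group NMS-GROUP v3 priv access SNMP-MGMT
snmp-server user nms-poller NMS-GROUP v3 auth sha <auth-password> priv aes 128 <priv-password> access SNMP-MGMT
```

The `deny any log` entry also gives a log line for SNMP attempts from unexpected sources, which is a useful signal to forward to the SIEM.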
Read at Ars Technica