"Cisco has disclosed a serious security vulnerability in IOS and IOS XE software that allows both denial of service and remote code execution via the Simple Network Management Protocol, or SNMP for short. This is an actively exploited zero-day vulnerability. It is registered as CVE-2025-20352. The vulnerability has a CVSS score of 7.7. The vulnerability is caused by a stack overflow in the SNMP subsystem."
"An attacker with valid SNMP credentials can use specially crafted packets to disrupt the operation of an affected device or even gain complete control. With low privileges, the system can be restarted. This results in a denial-of-service attack. With higher privileges, arbitrary code can be executed as root. Full administrative privileges are then available and attackers can take complete control of the infrastructure."
A stack overflow vulnerability exists in the SNMP subsystem of Cisco IOS and IOS XE (CVE-2025-20352), allowing denial-of-service and remote code execution with a CVSS score of 7.7. Attackers with valid SNMP credentials can send crafted packets to restart devices or execute arbitrary code as root, gaining full administrative control. Shodan research indicates roughly two million Cisco devices have SNMP exposed to the internet, increasing potential impact across enterprise and critical infrastructure. Affected devices include those with SNMP enabled without excluding the impacted OIDs, plus Meraki MS390 and Catalyst 9300 switches on older Meraki CS 17. Patches are the only reliable fix; excluding specific OIDs is disruptive and no viable workarounds exist.
Read at Techzine Global
Unable to calculate read time
Collection
[
|
...
]