- Cisco patches CVE-2025-20352, a high-severity SNMP flaw actively exploited in the wild
- Attackers can cause a DoS or obtain root access using crafted SNMP packets and credentials
- No workaround exists; users must apply Cisco's patch or use temporary mitigation steps
Cisco has fixed a high-severity vulnerability in its IOS and IOS XE software which, according to the company, is being actively exploited in the wild.
In a recently published security advisory, the company said it has discovered and fixed a stack overflow condition in the Simple Network Management Protocol (SNMP) subsystem of the operating system. It is tracked as CVE-2025-20352 and has a severity score of 7.7/10 (high).
Successful exploitation of the bug could grant low-privileged attackers the ability to reload systems and cause a denial-of-service (DoS) condition. A highly privileged attacker, on the other hand, could use the bug to execute arbitrary code as the root user and fully take over the compromised endpoints.
Patches and mitigations
To cause the DoS, the attacker must have the SNMPv2c or earlier read-only community string, or valid SNMPv3 user credentials, the networking giant explained.
To execute code as the root user, the attacker must have the SNMPv1 or v2c read-only community string or valid SNMPv3 user credentials, and administrative or privilege 15 credentials on the affected device. The flaw can be exploited via a crafted SNMP packet sent over IPv4 or IPv6.
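An added example, not from Cisco or the original article: because both exploitation paths described above start from a community string or SNMPv3 credentials, this Python script inventories the SNMP credentials in a saved running-config and shows which ones have no access list attached. The sample config is constructed, and flagging a missing ACL is an assumption of this example, not a statement of Cisco's mitigation.

```python
import re

# Constructed sample of an IOS / IOS XE running-config (not from a real device).
SAMPLE_CONFIG = """\
hostname edge-sw-01
snmp-server community public RO
snmp-server community n0c-ro-7f3a view NOCVIEW RO 10
snmp-server community n0c-rw-91bc RW ipv6 MGMT6 10
snmp-server group NOC v3 priv
snmp-server user monitor NOC v3 auth sha REDACTED priv aes 128 REDACTED
snmp-server user backup NOC v3 auth sha REDACTED access 10
snmp-server host 192.0.2.50 version 2c n0c-ro-7f3a
"""

COMMUNITY = re.compile(r"^snmp-server community (\S+)(.*)$", re.I)
USER = re.compile(r"^snmp-server user (\S+) \S+ (v1|v2c|v3)\b(.*)$", re.I)


def _community_acls(tokens):
    """Drop 'view <name>' and the RO/RW keyword; what remains is ACL references."""
    acls, skip = [], False
    for tok in tokens:
        if skip:
            skip = False
        elif tok.lower() == "view":
            skip = True
        elif tok.upper() not in ("RO", "RW"):
            acls.append(tok)
    return acls


def audit_snmp(config):
    """List each SNMP credential in the config and whether an ACL limits who may use it."""
    findings = []
    for raw in config.splitlines():
        line = raw.strip()
        m = COMMUNITY.match(line)
        if m:
            tokens = m.group(2).split()
            findings.append({"kind": "v1/v2c community", "name": m.group(1),
                             "acl": bool(_community_acls(tokens))})
            continue
        m = USER.match(line)
        if m:
            tokens = m.group(3).lower().split()
            findings.append({"kind": m.group(2).lower() + " user", "name": m.group(1),
                             "acl": "access" in tokens})
    return findings


if __name__ == "__main__":
    for f in audit_snmp(SAMPLE_CONFIG):
        print(f"{f['kind']:18} {f['name']:14} {'ACL-restricted' if f['acl'] else 'NO ACL'}")
```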
All devices running a vulnerable release of IOS and IOS XE are affected, said the company, adding that all older versions of SNMP are flawed. This includes Meraki MS390 and Cisco Catalyst 9300 series switches that run Meraki CS 17.
To address the vulnerability, Cisco has published a fix and urged users to apply it immediately, since the bug is actively abused in the wild: “The Cisco Product Security Incident Response Team (PSIRT) became aware of successful exploitation of this vulnerability in the wild after local Administrator credentials were compromised,” said the company.
There is no workaround for the flaw, but there is a mitigation that can be used as a temporary measure before the fix is deployed. More details on the mitigation can be found at this link.
Via BleepingComputer