As many as 2 million Cisco devices affected by actively exploited 0-day

As many as 2 million Cisco devices are susceptible to an actively exploited zero-day that can be used to remotely crash vulnerable systems or execute code on them.

Cisco said on Wednesday that the vulnerability, tracked as CVE-2025-20352, was present in all supported versions of Cisco IOS and Cisco IOS XE, the operating system that powers a wide range of network devices. The vulnerability can be exploited by low-privileged users to cause a denial-of-service attack, or by higher-privileged users to execute code that runs with unrestricted root privileges. It has a severity rating of 7.7 out of a possible 10.

Exposing SNMP on the Internet? Yeah

“The Cisco Product Security Incident Response Team (PSIRT) became aware of successful exploitation of this vulnerability in the wild after local Administrator credentials were compromised,” Wednesday’s advisory says. “Cisco strongly recommends that customers upgrade to a fixed software release to remediate this vulnerability.”

The vulnerability is the result of a stack overflow bug in the IOS component that handles SNMP (Simple Network Management Protocol), which routers and other devices use to collect and handle information about devices inside a network. The vulnerability is exploited by sending crafted SNMP packets.

To execute malicious code, the remote attacker must have possession of the read-only community string, an SNMP-specific form of authentication for accessing managed devices. Frequently, such strings ship with devices. Even when modified by an administrator, read-only community strings are often widely known inside an organization. The attacker would also require privileges on the vulnerable systems. With that, the attacker can obtain RCE (remote code execution) capabilities that run as root.
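Because the read-only community string is a precondition, a defender can audit device configurations for guessable strings and for community lines with no source restriction. The following is an added example, not code from the article or from Cisco. The sample configuration is constructed, and the `WELL_KNOWN` list and the function name are assumptions for illustration.

```python
import re

# Constructed sample of an IOS running-config (not from a real device).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
snmp-server community public RO
snmp-server community N0c-r3ad0nly RO 10
snmp-server community mgmt-write RW SNMP-MGMT
snmp-server community corp view LIMITED ro
"""

# Assumption: illustrative list of widely known strings; extend for your site.
WELL_KNOWN = {"public", "private", "cisco", "admin", "snmp"}
LINE_RE = re.compile(r"^\s*snmp-server community (\S+)(.*)$", re.IGNORECASE)

def audit_snmp_communities(config_text):
    """Return findings for community lines that are guessable or unrestricted."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = LINE_RE.match(line)
        if not m:
            continue
        community, rest = m.group(1), m.group(2).split()
        mode, acl, i = "ro", None, 0  # IOS grants read-only when no mode is given
        while i < len(rest):
            tok = rest[i].lower()
            if tok == "view":            # "view <name>": skip the view name
                i += 2
                continue
            if tok == "ipv6" and i + 1 < len(rest):  # "ipv6 <named-acl>"
                acl, i = rest[i + 1], i + 2
                continue
            if tok in ("ro", "rw"):
                mode = tok
            else:                        # remaining token is an ACL number or name
                acl = rest[i]
            i += 1
        issues = []
        if community.lower() in WELL_KNOWN:
            issues.append("well-known community string")
        if acl is None:
            issues.append("no ACL restricting SNMP sources")
        if issues:  # report the line number only, never the secret itself
            findings.append({"line": lineno, "mode": mode, "issues": issues})
    return findings

if __name__ == "__main__":
    for f in audit_snmp_communities(SAMPLE_CONFIG):
        print(f"line {f['line']} ({f['mode']}): {'; '.join(f['issues'])}")
```

Findings carry line numbers instead of the community strings so the audit output can be shared without spreading the secrets further.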
