Cisco IOS and IOS XE Software SNMP DOS & RCE Vulnerability

THREAT OVERVIEW

Cisco has released an urgent security advisory regarding a high-severity vulnerability (CVE-2025-20352) affecting Cisco IOS and IOS XE Software. The flaw exists in the Simple Network Management Protocol (SNMP) subsystem and is being actively exploited in the wild.

This vulnerability allows:
• Low-privileged authenticated attackers to cause a Denial of Service (DoS) by reloading affected devices.
• High-privileged authenticated attackers to achieve Remote Code Execution (RCE) as root, leading to full system compromise.
Cisco confirmed successful exploitation in attacks following the compromise of administrator credentials.

TECHNICAL DETAILS

• CVE ID: CVE-2025-20352
• CWE: CWE-121 (Stack-Based Buffer Overflow)
• Cisco Advisory ID: cisco-sa-snmp-x4LPhte
• Cisco Bug ID: CSCwq31287
• Severity: High
• CVSS v3.1 Score: 7.7 (AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)

AFFECTED PRODUCTS:

o Cisco IOS and IOS XE Software with SNMP enabled
o Meraki MS390 and Catalyst 9300 switches (running Meraki CS 17 and earlier)


IMPACT

Successful exploitation could lead to:
• Service disruption via DoS attacks.
• Complete device takeover through root-level execution.
• Network-wide compromise if exploited across critical infrastructure.


MITIGATION & WORKAROUNDS

• No permanent workarounds are available.
• Mitigation options:
o Restrict SNMP access to trusted, authenticated sources only.
o Review the configured SNMP hosts with show snmp host, and exclude the affected OIDs via SNMP views where the platform supports it.


SOLUTION

Cisco has released fixed software updates that remediate this vulnerability.
• Customers should upgrade immediately using Cisco’s Software Checker Tool.
• Ensure devices are updated to IOS XE Release 17.15.4a or later (for Meraki MS390 and Catalyst 9300).


RECOMMENDATION

1. Patch immediately – upgrade all vulnerable Cisco IOS and IOS XE devices.
2. Limit SNMP exposure – restrict access and remove unused SNMP configurations.
3. Monitor systems – actively log and review SNMP traffic for anomalies.
4. Harden credentials – enforce strong authentication for SNMPv3 and limit admin accounts.
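The following IOS configuration fragment is an added example illustrating the mitigation and recommendation items above (restricting SNMP to trusted sources, excluding OIDs through an SNMP view, logging SNMP authentication failures, and moving to authenticated SNMPv3). It is not taken from the Cisco advisory or from this page; the ACL name, management host address, group and user names, and credential strings are constructed placeholders, and <AFFECTED-OID> stands for the OIDs listed in Cisco's advisory, which this page does not reproduce.

```cisco
! ---- Weak configuration (constructed example of what to remove) ----
! Community strings with no ACL: any host that can reach UDP/161 can poll or write.
snmp-server community public RO
snmp-server community private RW

! ---- Hardened configuration (constructed example) ----
! 1. Remove the unrestricted v1/v2c communities.
no snmp-server community public
no snmp-server community private

! 2. Only the management station may source SNMP requests (address is an assumption).
ip access-list standard SNMP-MGMT
 permit 192.0.2.10
 deny   any log

! 3. Build a view that exposes the MIB tree but excludes the affected OID subtree.
!    <AFFECTED-OID> is a placeholder; take the real values from the Cisco advisory.
snmp-server view RESTRICTED-VIEW iso included
snmp-server view RESTRICTED-VIEW <AFFECTED-OID> excluded

! 4. SNMPv3 with authentication and encryption, read-only, bound to the view and ACL.
snmp-server group NMS-GROUP v3 priv read RESTRICTED-VIEW access SNMP-MGMT
snmp-server user nms-user NMS-GROUP v3 auth sha <AUTH-PASSPHRASE> priv aes 128 <PRIV-PASSPHRASE>

! 5. Raise a trap on SNMP authentication failures so polling from unexpected
!    sources or with bad credentials is visible to the NMS/SIEM.
snmp-server enable traps snmp authentication
snmp-server host 192.0.2.10 version 3 priv nms-user
logging host 192.0.2.20
```

After applying the fragment, verify with show snmp host (notification targets), show snmp user and show snmp group (that only the v3 group exists and it references RESTRICTED-VIEW and SNMP-MGMT), and show access-lists SNMP-MGMT (that hit counts on the deny line stay at zero once polling is sourced only from the management station). Excluding the OID subtree reduces exposure but is not a fix; the upgrade in the SOLUTION section is still required.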


REFERENCE

o Bleepingcomputer
o Cisco Security Advisory
o CVE Details
o SL-CSIRT