Up to 2 million Cisco devices are susceptible to an actively exploited zero-day that can crash or remotely execute code on vulnerable systems.
Cisco said Wednesday that the vulnerability, tracked as CVE-2025-20352, was present in all supported versions of Cisco IOS and Cisco IOS XE, the operating systems that power a wide variety of the company’s network devices. The vulnerability can be exploited by low-privileged users to create a denial-of-service attack or by higher-privileged users to execute code that runs with unrestricted root privileges. It has a severity rating of 7.7 out of a possible 10.
Expose SNMP to the Internet? Yeah
“The Cisco Product Security Incident Response Team (PSIRT) became aware of the successful exploitation of this vulnerability in the wild after local administrator credentials were compromised,” Wednesday’s advisory states. “Cisco strongly recommends that customers upgrade to a fixed software release to remediate this vulnerability.”
The vulnerability is the result of a stack overflow bug in the IOS component that handles SNMP (simple network management protocol), which routers and other devices use to collect and manage information about devices within a network. The vulnerability is exploited by sending crafted SNMP packets.
To execute malicious code, the remote attacker must have possession of a read-only community string, a form of SNMP-specific authentication used to access managed devices. Default strings are often shipped with devices. Even when modified by an administrator, read-only community strings are typically widely known within an organization. The attacker would also require privileges on vulnerable systems. With that, the attacker can gain RCE (remote code execution) capabilities that run as root.
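Because community strings are the precondition the article describes, one defensive check an operator can run today is to audit device configurations for vendor-default, read-write, or unrestricted community strings, and to confirm whether credentialed SNMPv3 is in use. The script below is an added example written for this page, not Cisco's tooling or anything from the advisory; it parses a constructed `show running-config` excerpt (the `lab-edge-1` hostname, the `n0c-r3ad` string, the `NETMON` group, and the `CHANGE-ME` secrets are all made up), and the default list and 12-character minimum are an assumed audit policy you would replace with your own.

```python
import re
from typing import Any, Dict, List, Optional

# Community-based (SNMPv1/v2c) access lines in a Cisco IOS running-config:
#   snmp-server community <string> [view <name>] RO|RW [<access-list>]
COMMUNITY_RE = re.compile(
    r"^snmp-server community (?P<name>\S+)(?: view \S+)? (?P<mode>RO|RW)(?: (?P<acl>\S+))?$",
    re.IGNORECASE,
)
# SNMPv3 group/user lines: credentialed access that does not rely on a shared string.
SNMPV3_RE = re.compile(r"^snmp-server (?:group \S+|user \S+ \S+) v3\b", re.IGNORECASE)

# Assumed audit policy (not from the advisory): well-known defaults and a minimum length.
DEFAULT_COMMUNITIES = {"public", "private"}
MIN_COMMUNITY_LEN = 12

# Constructed running-config excerpt for demonstration; not captured from a real device.
SAMPLE_CONFIG = """\
hostname lab-edge-1
!
snmp-server community public RO
snmp-server community private RW
snmp-server community n0c-r3ad RO 99
snmp-server group NETMON v3 priv
snmp-server user monitor NETMON v3 auth sha CHANGE-ME priv aes 128 CHANGE-ME
access-list 99 permit 10.0.0.0 0.0.0.255
!
end
"""


def assess_community(name: str, mode: str, acl: Optional[str]) -> List[str]:
    """Return the policy violations for one community string."""
    issues: List[str] = []
    if name.lower() in DEFAULT_COMMUNITIES:
        issues.append("default community string")
    if mode == "RW":
        issues.append("read-write access")
    if acl is None:
        issues.append("no access-list restricting SNMP sources")
    if len(name) < MIN_COMMUNITY_LEN:
        issues.append(f"shorter than {MIN_COMMUNITY_LEN} characters")
    return issues


def audit_snmp_config(config: str) -> Dict[str, Any]:
    """Parse a running-config and report every community string plus SNMPv3 usage."""
    communities: List[Dict[str, Any]] = []
    snmpv3 = False
    for raw in config.splitlines():
        line = raw.strip()
        m = COMMUNITY_RE.match(line)
        if m:
            mode = m.group("mode").upper()
            acl = m.group("acl")
            communities.append(
                {
                    "name": m.group("name"),
                    "mode": mode,
                    "acl": acl,
                    "issues": assess_community(m.group("name"), mode, acl),
                }
            )
        elif SNMPV3_RE.match(line):
            snmpv3 = True
    return {"communities": communities, "snmpv3": snmpv3}


def has_findings(report: Dict[str, Any]) -> bool:
    """True when any community string violates the policy."""
    return any(entry["issues"] for entry in report["communities"])


def main() -> None:
    report = audit_snmp_config(SAMPLE_CONFIG)
    for entry in report["communities"]:
        status = "; ".join(entry["issues"]) or "ok"
        print(f"{entry['name']:<12} {entry['mode']} acl={entry['acl'] or '-':<4} {status}")
    print("SNMPv3 configured:", report["snmpv3"])


if __name__ == "__main__":
    main()
```

Run it against real output of `show running-config` on a fleet and the findings are the strings to rotate or restrict first. Tightening community strings only narrows who can reach the vulnerable SNMP code path; the remediation the advisory calls for remains upgrading to a fixed release.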