Cisco has disclosed a number of vulnerabilities in its Simple Network Management Protocol (SNMP) subsystem affecting Cisco IOS, IOS XE, and IOS XR software.
These flaws, identified as high-severity, may allow an authenticated remote attacker to trigger Denial-of-Service (DoS) conditions, disrupting network operations.
Key Details
According to the Cisco Security Advisory ID: cisco-sa-snmp-dos-sdxnSUcW, the vulnerabilities stem from improper error handling during SNMP request parsing.
Exploiting these flaws requires knowledge of valid SNMP credentials. The vulnerabilities affect SNMP versions 1, 2c, and 3.
Attackers leveraging these vulnerabilities can send specially crafted SNMP requests to vulnerable devices, potentially causing unexpected device reloads (in Cisco IOS and IOS XE) or restarting the SNMP process (in Cisco IOS XR).
The CVSS Base Score of 7.7 reflects the critical nature of these flaws for network stability.
Related CVE IDs include CVE-2025-20169, CVE-2025-20170, CVE-2025-20171, and more, with security impact ratings ranging from Medium to High, depending on the specific vulnerability and affected software.
Vulnerable Devices
The vulnerabilities impact Cisco devices running affected versions of Cisco IOS, IOS XE, or IOS XR software with SNMP enabled. Administrators can verify their device configurations using commands such as:
- show running-config | include snmp-server community (for SNMP v1/v2c)
- show snmp user (for SNMP v3).
If output is displayed, the SNMP feature is active, and the device might be vulnerable.
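The check above can be run across a fleet by parsing saved output of the two commands. The following is an added example, not code from Cisco or from the original article; it goes slightly beyond the check by also flagging community strings that have no ACL or grant RW access. The device names, community strings, ACL numbers and users are constructed, the function names are hypothetical, and the exact layout of `show snmp user` output is assumed to start each user block with "User name:".

```python
import re

def parse_communities(text):
    """Parse output of: show running-config | include snmp-server community"""
    found = []
    for line in text.splitlines():
        tok = line.split()
        if tok[:2] != ["snmp-server", "community"] or len(tok) < 3:
            continue
        # Assumption: treat the community as read-only when no RO/RW keyword is shown.
        entry = {"name": tok[2], "access": "RO", "acl": None}
        rest = iter(tok[3:])
        for t in rest:
            if t.lower() in ("view", "ipv6"):
                arg = next(rest, None)            # keyword consumes one argument
                if t.lower() == "ipv6":
                    entry["acl"] = entry["acl"] or arg
            elif t.upper() in ("RO", "RW"):
                entry["access"] = t.upper()
            else:
                entry["acl"] = t                  # remaining token: ACL number or name
        found.append(entry)
    return found

def parse_v3_users(text):
    """Parse output of: show snmp user (assumed to list 'User name: <name>')."""
    return re.findall(r"^User name:\s*(\S+)", text, flags=re.MULTILINE)

def triage(community_out, user_out):
    comms = parse_communities(community_out)
    users = parse_v3_users(user_out)
    return {
        "snmp_enabled": bool(comms or users),     # any output means SNMP is active
        "v1_v2c": bool(comms),
        "v3": bool(users),
        "no_acl": [c["name"] for c in comms if c["acl"] is None],
        "rw": [c["name"] for c in comms if c["access"] == "RW"],
    }

# Constructed sample output: (community command output, show snmp user output)
SAMPLES = {
    "edge-rtr-01": ("snmp-server community example-ro RO 10\n"
                    "snmp-server community example-rw RW\n", ""),
    "core-sw-02": ("", "User name: monitor\nEngine ID: 800000090300AABBCCDDEEFF\n"
                       "Authentication Protocol: SHA\nPrivacy Protocol: AES128\n"
                       "Group-name: NMS-GROUP\n"),
    "lab-rtr-03": ("", ""),
}

if __name__ == "__main__":
    for host, (comm, usr) in SAMPLES.items():
        print(host, triage(comm, usr))
```

Devices reported with `snmp_enabled` set are the ones to prioritise for mitigation and patching; an empty result for both commands means SNMP is not configured on that device.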
Cisco has announced that there are no workarounds to fully address these vulnerabilities at this time.
Mitigations, such as disabling specific SNMP Object Identifiers (OIDs), are available to reduce risk, but they may limit device management capabilities (e.g., hardware inventory).
The company strongly urges administrators to implement mitigations until patches are deployed.
Cisco plans to release software updates to resolve these vulnerabilities. Organizations are advised to monitor the official Cisco Security Advisory page for further updates.
These SNMP-related vulnerabilities highlight the importance of proactive network security measures, especially in enterprise environments where Cisco devices are widely used.
The flaws remind organizations to strengthen SNMP configurations, restrict community strings, and deploy patches swiftly.