Vulnerabilities Found in Cisco SNMP Pose a Threat to Network Security
Cisco, the world’s leading network equipment manufacturer, has announced a series of critical vulnerabilities in the Simple Network Management Protocol (SNMP) system of its IOS, IOS XE, and IOS XR software. These vulnerabilities allow remote authenticated attackers to execute Denial of Service (DoS) attacks on affected devices. This could result in network failure and disruption of corporate infrastructure.
The discovered vulnerabilities are registered under the following identifiers: CVE-2025-20169, CVE-2025-20170, and CVE-2025-20171. They have received a score of 7.7 on the Common Vulnerability Scoring System (CVSS), indicating a high severity level.
These vulnerabilities arise due to improper error handling in the SNMP system of Cisco IOS, IOS XE, and IOS XR software. Attackers can exploit these vulnerabilities by sending specially crafted SNMP requests, potentially causing the device to crash.
Conditions for Exploiting the Vulnerabilities
- For SNMP v1 and v2c: The attacker must have access to read-write or read-only community strings.
- For SNMP v3: The attacker must have valid user credentials.
These vulnerabilities affect all versions of SNMP (v1, v2c, and v3). Cisco has acknowledged and expressed gratitude to security researcher “leg00m” and the Trend Micro Zero Day Initiative team for identifying and reporting these issues.
Any device running vulnerable versions of Cisco IOS, IOS XE, and IOS XR with SNMP enabled is affected.
Checking SNMP Configuration
Network administrators can verify their SNMP configuration using the following commands:
For SNMP v1/v2c:
show running-configuration | include snmp-server community
For SNMP v3:
show running-configuration | include snmp-server group
show snmp user
Recommended Security Measures
There is currently no complete fix for these vulnerabilities, but Cisco recommends the following actions:
✅ Restrict SNMP Access — Allow connections only from trusted devices.
✅ Disable Vulnerable Object Identifiers (OID) — Remove vulnerable OIDs where possible.
Cisco is actively developing software updates to address these vulnerabilities. The planned release dates are:
- IOS and IOS XE
- IOS XR
At this time, the Cisco Product Security Incident Response Team (PSIRT) has not received any reports of attacks exploiting these vulnerabilities. However, network administrators should take proactive measures and update their software to protect their networks.
The Importance of Mitigating These Vulnerabilities
Cisco’s SNMP vulnerabilities pose serious risks to network security. DoS attacks can lead to network outages, corporate data loss, and business disruptions.
Organizations using Cisco devices should take the following steps:
- Review SNMP configurations and disable vulnerable OIDs.
- Plan software updates.
- Restrict network access to trusted sources only.
As the cybersecurity landscape continuously evolves, organizations must regularly update their security strategies and promptly address vulnerabilities. Major providers like Cisco are committed to developing new solutions to protect their customers from security threats.
🔔 Important! If you use Cisco devices, staying informed about these vulnerabilities and taking necessary precautions is crucial to ensuring the security of your network.
