Critical RCE Vulnerability in Cisco Products: Your Infrastructure May Be at Risk

Recent cybersecurity analyses have uncovered a highly dangerous vulnerability in the SSH (Secure Shell) component of the Erlang/OTP platform used in Cisco products. Registered as CVE-2025-32433, this vulnerability has been assigned a CVSS score of 10.0—the highest possible severity rating. It allows attackers to infiltrate systems without any authentication and execute arbitrary code, potentially gaining full remote control over affected devices.

The vulnerability stems from improper handling of SSH protocol messages during the authentication process. Essentially, the system fails to properly validate incoming SSH messages, enabling attackers to covertly inject malicious code into the process.

What makes this vulnerability particularly alarming is that it requires no credentials, such as a login or password, making it an unauthenticated exploit and significantly amplifying the threat.

🎯 Affected Cisco Products

✅ Products Confirmed as Vulnerable:

  • ConfD and ConfD Basic (Cisco Bug ID: CSCwo83759)
  • Cisco Network Services Orchestrator (NSO) (Cisco Bug ID: CSCwo83796)

Patches for these products are scheduled for release in May 2025.

🕵️ Products Under Active Investigation:

  • Network Management: Cyber Vision, Smart PHY, VTS, NSO
  • Routers and Switches: ASR 5000, Catalyst (DNA) Center, RV Series Routers
  • Video/TelePresence Systems: Expressway, VCS
  • Virtual Infrastructure: VIM, Ultra Cloud Core components

Cisco is actively analyzing these products to determine the extent of their exposure to the vulnerability.

⚠️ Why This Is Critical

  1. Unauthenticated Access: Attackers can gain entry to systems without any user privileges.
  2. Remote Code Execution (RCE): The ability to run any command or malicious program remotely.
  3. Full Network Compromise: Potential for complete system takeover, data theft, or service disruption.
  4. Socioeconomic Impact: Such vulnerabilities can lead to significant financial and reputational losses beyond technical damage.

🛡️ Recommendations and Countermeasures

🔧 Monitor and Apply Updates:

Regularly check Cisco’s official announcements for updates specific to your products and apply them immediately upon release.

📍 Inventory Your Assets:

Identify all Cisco devices running SSH services based on Erlang/OTP and assess their vulnerability to this issue.

🔐 Restrict SSH Access:

Implement intelligent network segmentation and Access Control Lists (ACLs) to allow access only from trusted IP addresses.

🧾 Monitor Traffic:

Activate Intrusion Detection and Prevention Systems (IDS/IPS) to continuously analyze SSH traffic and detect anomalous activity.

The risk posed by this vulnerability is unprecedented. If your systems utilize SSH services powered by Erlang/OTP, they require immediate attention. Any delay could provide attackers with an opportunity to exploit the vulnerability.

🔒 Prevention Is the Best Defense in Cybersecurity

For organizations using Cisco products, this is not merely a warning but a call to action. If you have additional observations or technical insights, we recommend sharing them with relevant organizations or, if necessary, with us.

Sources:

  • Official Notification from the UAE Cyber Security Council (TLP: WHITE).
  • Cisco Official Advisory: https://sec.cloudapps.cisco.com
  • Erlang/OTP Security Advisory: https://github.com/erlang/otp/security/advisories/GHSA-37cp-fg5-7wc2
  • Qualys Research Report: https://threatprotect.qualys.com

🔒 Act today to secure your tomorrow!