Cisco Warns of Actively Exploited IOS/IOS XE Flaw, Issues Urgent Patches
Cisco has issued a critical security alert for devices running vulnerable versions of IOS and IOS XE with SNMP enabled. Attackers are actively exploiting a flaw that allows arbitrary code execution as a root user, giving them full control of affected systems.
The vulnerability, caused by a stack overflow condition triggered by a specially crafted SNMP packet, affects Cisco devices with administrative privileges. It can be exploited to cause denial-of-service conditions or execute code with root privileges, depending on permissions.
Cisco urges customers to install the provided software updates to fix the issue. Administrators can check their systems' risk using CLI commands, and patches are available. If an immediate update is not possible, Cisco recommends blocking access to affected Object IDs (OIDs) via SNMP configuration.
Separately, Cisco Secure Firewall Management Center appliances are affected by a Remote Code Execution (RCE) vulnerability (CVE-2025-20265) when configured with RADIUS for web-based authentication or SSH management access.
Cisco warns that attackers are already exploiting these critical security flaws. Affected customers should prioritise installing the provided updates or implementing temporary workarounds to mitigate the risks associated with these vulnerabilities.
Read also:
- Unveiling the Less-Discussed Disadvantages of Buds - Revealing the Silent Story
- "In a daring decision, Battlefield 6 forgoes ray tracing - understanding the advantages this choice brings"
- Dubai's WETEX 2023: Global Showcase for Clean Energy & Sustainability
- Nissan Bolsters Supply Chain Compliance with New Manager and Digital Tools
