CVE-2025-20176
Published: 05 February 2025
Description
A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMP v2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMP v3, the attacker must have valid SNMP user credentials for the affected system.
Security Summary
CVE-2025-20176 is a vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software that could allow an authenticated, remote attacker to cause a denial-of-service (DoS) condition on an affected device. The issue stems from improper error handling when parsing SNMP requests, affecting SNMP versions 1, 2c, and 3. Published on 2025-02-05, it has a CVSS v3.1 base score of 7.7 (AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H) and is associated with CWE-248 (Uncaught Exception).
An attacker could exploit this vulnerability by sending a crafted SNMP request to the affected device. Exploitation requires authentication: for SNMP v2c or earlier, knowledge of a valid read-write or read-only SNMP community string; for SNMP v3, valid SNMP user credentials. A successful exploit would cause the device to reload unexpectedly, resulting in a DoS condition.
Cisco has published a security advisory with details on the vulnerability, affected releases, and mitigation steps, available at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-dos-sdxnSUcW.
Details
- CWE(s)