Patch now: Attackers are targeting Cisco network devices
Network equipment supplier Cisco warns of attacks on routers and switches, among other things. Admins should install the latest security updates.
Cisco's network operating systems, IOS and IOS XE, are vulnerable. The developers have now closed several security gaps. Attackers are already exploiting one vulnerability. The extent of the attacks is currently unclear. Security patches are available for download.
Admins can find further information on the vulnerabilities, affected devices, and updates in the alerts linked below this article.
Protect networks
The currently exploited vulnerability (CVE-2025-20352 “high”) affects devices such as routers and switches running IOS and IOS XE. The entry point for attackers is a flaw in the Simple Network Management Protocol (SNMP). They can exploit it with crafted SNMP packets sent over IPv4 or IPv6 networks. A successful attack leads to a DoS condition and the resulting crashes. In the worst case, attackers even execute malicious code as root, which leads to systems being completely compromised. In both cases, however, attackers must already be authenticated.
The most dangerous vulnerability (CVE-2025-20334 “high”) is located in the HTTP API subsystem of IOS XE. If unauthenticated attackers trick victims into clicking a manipulated link, they can then execute commands with root privileges.
By successfully exploiting the remaining vulnerabilities, attackers can mainly cause DoS conditions or bypass authentication or security measures. Admins should promptly ensure that the security updates are installed.
List sorted by threat level in descending order:
- IOS XE Software HTTP API Command Injection
- IOS XE Software Network-Based Application Recognition Denial of Service
- IOS and IOS XE Software TACACS+ Authentication Bypass
- IOS XE Software Simple Network Management Protocol Denial of Service
- IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution (Attacks observed)
- IOS Software Industrial Ethernet Switch Device Manager Denial of Service
- IOS XE Software for Catalyst 9000 Series Switches Denial of Service
- IOS XE Software Secure Boot Bypass
- IOS and IOS XE Software CLI Denial of Service
- IOS XE Software Web UI Reflected Cross-Site Scripting
- IOS XE Software CLI Argument Injection
- SD-WAN vEdge Software Access Control List Bypass
- IOS XE Software for Catalyst 9800 Series Wireless Controller for Cloud Unauthenticated Access to Certificate Enrollment Service
- IOS XE Software on Cisco Catalyst 9500X and 9600X Series Switches Virtual Interface Access Control List Bypass
- Access Point Software Intermittent IPv6 Gateway Change
- Wireless Access Point Software Device Analytics Action Frame Injection
(des)