Initiatives pour
En tant qu'autorité nationale en matière de cybersécurité, le CCB a développé plusieurs initiatives destinées à des publics spécifiques, qui sont présentées ici.
Warning: critical vulnerabilities in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and Cisco IOS XE Software, Patch Immediately!
Image
Publié : 01/10/2025
- Last update: 30/09/2025
- Affected software: For information about which Cisco IOS Software or Cisco IOS XE Software releases are vulnerable, see the Fixed Software section of the Cisco advisory.
- Type:
→ CWE-121: Stack-based Buffer Overflow
→ CWE-287: Improper Authentication
→ CWE-19: Data Processing Errors
→ CWE-835: Loop with Unreachable Exit Condition
→ CWE-805: Buffer Access with Incorrect Length Value
→ CWE-1287: Improper Validation of Specified Type of Input
→ CWE-77: Improper Neutralization of Special Elements used in a Command- CVE/CVSS
→ CVE-2025-20352: CVSS 7.7 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)
→ CVE-2025-20160: CVSS 8.1 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
→ CVE-2025-20311: CVSS 7.4 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)
→ CVE-2025-20312: CVSS 7.7 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)
→ CVE-2025-20315: CVSS 8.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)
→ CVE-2025-20327: CVSS 7.7 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)
→ CVE-2025-20334: CVSS 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Sources
Cisco - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-x4LPhte
Risks
Multiple vulnerabilities in Cisco IOS and IOS XE Software could allow attackers to gain full control of affected devices, execute arbitrary commands with root privileges, and completely compromise network infrastructure. Exploitation may also enable authentication bypass and unauthorized access, exposure of sensitive data, and persistent denial of service through device reloads or port blocking, resulting in traffic disruption and operational outages. These outcomes collectively threaten the confidentiality, integrity, and availability of critical network services.
CVE‑2025‑20352 is actively exploited as a zero‑day, putting unpatched devices at immediate risk of service outages, traffic disruption, and full system compromise with root-level control.
Description
CVE‑2025‑20352 is a high‑severity stack overflow vulnerability that allows an authenticated remote attacker to send a crafted SNMP packet; low‑privileged exploitation causes DoS, while high‑privileged exploitation on IOS XE enables Remote Code Execution as root. Actively exploited.
CVE‑2025‑20160 is a high‑severity improper authentication vulnerability that allows an unauthenticated, remote attacker to intercept or spoof TACACS+ and view sensitive data or bypass authentication when a shared secret is not enforced.
CVE‑2025‑20311 is a high‑severity data‑processing error that allows an unauthenticated, adjacent attacker to send crafted Ethernet frames and block an egress port, dropping all outbound traffic (DoS) on Catalyst 9000 running IOS XE.
CVE‑2025‑20312 is a high‑severity parsing/error‑handling vulnerability that allows an authenticated, remote attacker to send a specific SNMP request and force a reload (DoS) on IOS XE (SNMPv1/2c/3).
CVE‑2025‑20315 is a high‑severity NBAR/CAPWAP vulnerability that allows an unauthenticated, remote attacker to send malformed CAPWAP packets and cause a device to reload (DoS).
CVE‑2025‑20327 is a high‑severity improper input validation vulnerability that allows an authenticated, low‑privileged remote attacker to send a crafted URL to the web UI and trigger a reload (DoS) on affected IOS Industrial Ethernet devices.
CVE‑2025‑20334 is a high‑severity command injection vulnerability that allows a remote attacker (via crafted API input with admin rights or via a malicious link clicked by a logged‑in admin) to execute arbitrary commands as root on IOS XE with HTTP API enabled.
The release also includes several medium-severity vulnerabilities, listed below:
- CVE-2025-20313: CVSS 6.7 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
- CVE-2025-20314: CVSS 6.7 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
- CVE-2025-20149: CVSS 6.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)
- CVE-2025-20221: CVSS 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
- CVE-2025-20240: CVSS 6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
- CVE-2025-20293: CVSS 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
- CVE-2025-20316: CVSS 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
- CVE-2025-20338: CVSS 6.0 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N)
- CVE-2025-20339: CVSS 5.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N)
- CVE-2025-20364: CVSS 4.3 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
- CVE-2025-20365: CVSS 4.3 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Recommended Actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.
While patching appliances or software to the newest version may protect against future exploitation, it does not remediate historic compromise.
References
Cisco - https://sec.cloudapps.cisco.com/security/center/publicationListing.x
CISA - https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-20352&field_date_added_wrapper=all&field_cve=&sort_by=field_date_added&items_per_page=20&url=
NVD - https://nvd.nist.gov/vuln/detail/CVE-2025-20352