Denial of Service Vulnerability in Cisco IOS Software and Cisco IOS XE Software
CVE-2025-20174

7.7 HIGH

Key Information:

Vendor: Cisco
CVE Published: 5 February 2025

Badges

👾 Exploit Exists

Summary

A vulnerability exists within the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software that can be exploited by an authenticated, remote attacker. The root cause of this issue is improper error handling during the parsing of SNMP requests. An attacker capable of sending a specially crafted SNMP request to the targeted device may cause it to reload unexpectedly, leading to a Denial of Service condition. This vulnerability affects all versions of SNMP including v1, v2c, and v3. For exploitation via SNMP v2c or earlier, knowledge of a valid read-write or read-only SNMP community string is required, while exploitation through SNMP v3 necessitates valid user credentials.

Affected Version(s)

Cisco IOS XE Software 3.11.1S

Cisco IOS XE Software 3.11.2S

Cisco IOS XE Software 3.11.0S

CVSS V3.1

Score: 7.7
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved
