| Reporter | Title | Published | Views | Family All 27 |
|---|---|---|---|---|
| Exploit for Stack-based Buffer Overflow in Cisco Ios | 25 Sep 202519:21 | – | githubexploit | |
| The vulnerability of the implementation subsystem of the SNMP protocol for Cisco IOS and Cisco IOS XE operating systems allows a perpetrator to execute arbitrary code. | 29 Sep 202500:00 | – | bdu_fstec | |
| CVE-2025-20352 | 24 Sep 202516:41 | – | circl | |
| Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability | 29 Sep 202500:00 | – | cisa_kev | |
| CISA Adds Five Known Exploited Vulnerabilities to Catalog | 29 Sep 202512:00 | – | cisa | |
| Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability | 24 Sep 202516:00 | – | cisco | |
| Cisco IOS Software SNMP DoS RCE (cisco-sa-snmp-x4LPhte) | 3 Oct 202500:00 | – | nessus | |
| Cisco IOS和Cisco IOS XE Software 安全漏洞 | 24 Sep 202500:00 | – | cnnvd | |
| CVE-2025-20352 | 24 Sep 202517:10 | – | cve | |
| CVE-2025-20352 | 24 Sep 202517:10 | – | cvelist |
#TRUSTED 1544e03b1482e893c819ef841a05c98a5d8d54ed6df2930ebb562c86497a083b2d0f6444cf3b466b832a85938b707db1250e27c4065ffddbc46b00b22ffc93a4f0bec013b1816d791948f5c73a37f6911d4304d42e699d3c66eec168422474483e82f850d0e804a85c07ad0d0cd8e519187790a9b43b6e3dc5bff2fc78cbf0b723299b5f8027e7ef3032459db19a4f67ebbe209e7ad007b9778274594fdc3945a402f2088b1277f8f5666ad93d477f8d590ec2ac8401b822aeac744d042bd17009d1637d08290234953d19d2503331e278a00ebcfb50b3d7603136110c380e61c5f2334400b53a01ac55b440a6e0bb28b23129b442359ffaa575acc8dcbadfab533870ee5d3b363498886281e584a5b8a296d72f61d6acd269acb1412157541c8e7f7c72fe1a8064657d80f81a117bdef3d40f6b311d5b1678dedbfa4631251f47bdd9a4138bda7330bd58886d13ab1ec3b8476cd8aa141b344d9a89f439b10c86d3b65942ddce0081b722a118dbdb5cf4b2398a2ffe9935bec68afcdc18046f0c19362c213d8b7ffc8c0738db2add820b8a624d80135f6086fa8804c3f0efbb6be1bd7d14ea7aa5fbb0f4b70e6244026f2821e7438f2e678dfca7bc54e903dc7cbeb418934729b00a9d6fe287d80615fd74dadfb533a662c26dafc18c775f8a1c5042eca6ade871ba478ee401ceec011ba53c2b546f9294991d998deb10c028
#TRUST-RSA-SHA256 5d05a2b1e6af1851cc9202b5f80af985e0a2c577156fecd9ca05a5e8eaece4a84472cde11eff8e742008501068aa96e0c90d7388c2faf72f512305216069b36096188ebe46dab5b3561b25fa898b919097098e0c027d9f4e87465da78537149fa7d53aeb273a24170718ea05baecbb8089b54506b4cfcbf5a951ca0da4facb2719ba9ee9620d82dc2093f29e18c79909ebbfa29e6a3c2977dba4d137cf418c36217986fa84f1f8fe636c6dba80e2cbeef54fa92ad3163cf361272fd8e72c6977e086beb42cb2ec308d27341774c727af2a374339bc49dea37ef2751096921b1b901030ef6453b7e52df58f7070780e7160f1127d633ada858a006f5413f98b0c995b0d9e488d11bc56296a9539d1e627055588f9f220ab8ace53b0803601d6331bd5af0b283bf619237079dcbbfaf6ef106fdec1d1140eeb1e79cf6f6c07aae20626ab5c3bdf89e3f08074969abcac200ad88bbf40e82e5e2726ed1ce826b8a69fae154e919a70e5bbc1d95cdf38c31e74b32de147fa473421398c2082d36bb93f6eb0f63b1d9767a8f5702b6dd982108e4bab15572db547720537753010be070c499e1a37ddede9643220cdb174fb8bf472de16d0319fea3bd8a82e7aeee9d69c3ff0bbae41e5377c4e7d3170adbacf514db5da7b3e30139891b8bfdfacb5c56efe2002c14bd71ccd7ef045ea8289f95be0880c90fac35e45380e1f0345d2b5
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(266453);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/06/16");
script_cve_id("CVE-2025-20352");
script_xref(name:"CISCO-BUG-ID", value:"CSCwq31287");
script_xref(name:"CISCO-SA", value:"cisco-sa-snmp-x4LPhte");
script_xref(name:"IAVA", value:"2025-A-0701");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2025/10/20");
script_name(english:"Cisco IOS XE Software SNMP DoS RCE (cisco-sa-snmp-x4LPhte)");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch");
script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability.
- A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco
IOS XE Software could allow the following: An authenticated, remote attacker with low privileges could
cause a denial of service (DoS) condition on an affected device that is running Cisco IOS Software or
Cisco IOS XE Software. To cause the DoS, the attacker must have the SNMPv2c or earlier read-only community
string or valid SNMPv3 user credentials. An authenticated, remote attacker with high privileges could
execute code as the root user on an affected device that is running Cisco IOS XE Software. To execute code
as the root user, the attacker must have the SNMPv1 or v2c read-only community string or valid SNMPv3 user
credentials and administrative or privilege 15 credentials on the affected device. An attacker could
exploit this vulnerability by sending a crafted SNMP packet to an affected device over IPv4 or IPv6
networks. This vulnerability is due to a stack overflow condition in the SNMP subsystem of the affected
software. A successful exploit could allow a low-privileged attacker to cause the affected system to
reload, resulting in a DoS condition, or allow a high-privileged attacker to execute arbitrary code as the
root user and obtain full control of the affected system. Note: This vulnerability affects all versions
of SNMP. (CVE-2025-20352)
Please see the included Cisco BIDs and Cisco Security Advisory for more information.");
# https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-x4LPhte
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7b02fe37");
# https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75296
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?acad5d9e");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwq31287");
script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID CSCwq31287");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-20352");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2025/09/24");
script_set_attribute(attribute:"patch_publication_date", value:"2025/09/24");
script_set_attribute(attribute:"plugin_publication_date", value:"2025/10/03");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios_xe");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CISCO");
script_copyright(english:"This script is Copyright (C) 2025-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("cisco_ios_xe_version.nasl");
script_require_keys("Host/Cisco/IOS-XE/Version");
exit(0);
}
include('cisco_workarounds.inc');
include('ccf.inc');
var product_info = cisco::get_product_info(name:'Cisco IOS XE Software');
var model = product_info.model;
if (empty_or_null(model)) model = '';
var version_list=make_list(
'3.5.0E',
'3.5.0SQ',
'3.5.1E',
'3.5.1SQ',
'3.5.2E',
'3.5.2SQ',
'3.5.3E',
'3.5.3SQ',
'3.5.4SQ',
'3.5.5SQ',
'3.5.6SQ',
'3.5.7SQ',
'3.5.8SQ',
'3.6.0E',
'3.6.0aE',
'3.6.0bE',
'3.6.1E',
'3.6.2E',
'3.6.2aE',
'3.6.3E',
'3.6.4E',
'3.6.5E',
'3.6.5aE',
'3.6.6E',
'3.6.7E',
'3.6.7aE',
'3.6.7bE',
'3.6.8E',
'3.6.9E',
'3.6.9aE',
'3.6.10E',
'3.7.0E',
'3.7.1E',
'3.7.2E',
'3.7.3E',
'3.7.4E',
'3.7.5E',
'3.8.0E',
'3.8.1E',
'3.8.2E',
'3.8.3E',
'3.8.4E',
'3.8.5E',
'3.8.5aE',
'3.8.6E',
'3.8.7E',
'3.8.8E',
'3.8.9E',
'3.8.10E',
'3.8.10cE',
'3.8.10dE',
'3.9.0E',
'3.9.1E',
'3.9.2E',
'3.9.2bE',
'3.10.0E',
'3.10.0cE',
'3.10.1E',
'3.10.1aE',
'3.10.1sE',
'3.10.2E',
'3.10.3E',
'3.11.0E',
'3.11.1E',
'3.11.1aE',
'3.11.2E',
'3.11.2aE',
'3.11.3E',
'3.11.3aE',
'3.11.4E',
'3.11.5E',
'3.11.6E',
'3.11.7E',
'3.11.8E',
'3.11.9E',
'3.11.10E',
'3.11.11E',
'3.11.12E',
'3.14.0S',
'3.14.1S',
'3.14.2S',
'3.14.3S',
'3.14.4S',
'3.15.0S',
'3.15.1S',
'3.15.1cS',
'3.15.2S',
'3.15.3S',
'3.15.4S',
'3.16.0S',
'3.16.0aS',
'3.16.0bS',
'3.16.0cS',
'3.16.1S',
'3.16.1aS',
'3.16.2S',
'3.16.2aS',
'3.16.2bS',
'3.16.3S',
'3.16.3aS',
'3.16.4S',
'3.16.4aS',
'3.16.4bS',
'3.16.4cS',
'3.16.4dS',
'3.16.4eS',
'3.16.4gS',
'3.16.5S',
'3.16.5aS',
'3.16.5bS',
'3.16.6S',
'3.16.6bS',
'3.16.7S',
'3.16.7aS',
'3.16.7bS',
'3.16.8S',
'3.16.9S',
'3.16.10S',
'3.16.10aS',
'3.16.10bS',
'3.17.0S',
'3.17.1S',
'3.17.1aS',
'3.17.2S',
'3.17.3S',
'3.17.4S',
'3.18.0S',
'3.18.0SP',
'3.18.0aS',
'3.18.1S',
'3.18.1SP',
'3.18.1aSP',
'3.18.1bSP',
'3.18.1cSP',
'3.18.1gSP',
'3.18.1hSP',
'3.18.1iSP',
'3.18.2S',
'3.18.2SP',
'3.18.2aSP',
'3.18.3S',
'3.18.3SP',
'3.18.3aSP',
'3.18.3bSP',
'3.18.4S',
'3.18.4SP',
'3.18.5SP',
'3.18.6SP',
'3.18.7SP',
'3.18.8aSP',
'3.18.9SP',
'16.6.1',
'16.6.2',
'16.6.3',
'16.6.4',
'16.6.4a',
'16.6.4s',
'16.6.5',
'16.6.5a',
'16.6.5b',
'16.6.6',
'16.6.7',
'16.6.7a',
'16.6.8',
'16.6.9',
'16.6.10',
'16.7.1',
'16.7.1a',
'16.7.1b',
'16.7.2',
'16.7.3',
'16.7.4',
'16.8.1',
'16.8.1a',
'16.8.1b',
'16.8.1c',
'16.8.1d',
'16.8.1e',
'16.8.1s',
'16.8.2',
'16.8.3',
'16.9.1',
'16.9.1a',
'16.9.1b',
'16.9.1c',
'16.9.1d',
'16.9.1s',
'16.9.2',
'16.9.2a',
'16.9.2s',
'16.9.3',
'16.9.3a',
'16.9.3h',
'16.9.3s',
'16.9.4',
'16.9.4c',
'16.9.5',
'16.9.5f',
'16.9.6',
'16.9.7',
'16.9.8',
'16.9.8a',
'16.9.8b',
'16.10.1',
'16.10.1a',
'16.10.1b',
'16.10.1c',
'16.10.1d',
'16.10.1e',
'16.10.1f',
'16.10.1g',
'16.10.1s',
'16.10.2',
'16.10.3',
'16.11.1',
'16.11.1a',
'16.11.1b',
'16.11.1c',
'16.11.1s',
'16.11.2',
'16.12.1',
'16.12.1a',
'16.12.1c',
'16.12.1s',
'16.12.1t',
'16.12.1w',
'16.12.1x',
'16.12.1y',
'16.12.1z',
'16.12.1z1',
'16.12.1z2',
'16.12.2',
'16.12.2a',
'16.12.2s',
'16.12.2t',
'16.12.3',
'16.12.3a',
'16.12.3s',
'16.12.4',
'16.12.4a',
'16.12.5',
'16.12.5a',
'16.12.5b',
'16.12.6',
'16.12.6a',
'16.12.7',
'16.12.8',
'16.12.9',
'16.12.10',
'16.12.10a',
'16.12.11',
'16.12.12',
'16.12.13',
'17.1.1',
'17.1.1a',
'17.1.1s',
'17.1.1t',
'17.1.2',
'17.1.3',
'17.2.1',
'17.2.1a',
'17.2.1r',
'17.2.1v',
'17.2.2',
'17.2.3',
'17.3.1',
'17.3.1a',
'17.3.1w',
'17.3.1x',
'17.3.1z',
'17.3.2',
'17.3.2a',
'17.3.3',
'17.3.3a',
'17.3.4',
'17.3.4a',
'17.3.4b',
'17.3.4c',
'17.3.5',
'17.3.5a',
'17.3.5b',
'17.3.6',
'17.3.7',
'17.3.8',
'17.3.8a',
'17.4.1',
'17.4.1a',
'17.4.1b',
'17.4.1c',
'17.4.2',
'17.4.2a',
'17.5.1',
'17.5.1a',
'17.6.1',
'17.6.1a',
'17.6.1w',
'17.6.1x',
'17.6.1y',
'17.6.1z',
'17.6.1z1',
'17.6.2',
'17.6.3',
'17.6.3a',
'17.6.4',
'17.6.5',
'17.6.5a',
'17.6.6',
'17.6.6a',
'17.6.7',
'17.6.8',
'17.6.8a',
'17.7.1',
'17.7.1a',
'17.7.1b',
'17.7.2',
'17.8.1',
'17.8.1a',
'17.9.1',
'17.9.1a',
'17.9.1w',
'17.9.1x',
'17.9.1x1',
'17.9.1y',
'17.9.1y1',
'17.9.2',
'17.9.2a',
'17.9.3',
'17.9.3a',
'17.9.4',
'17.9.4a',
'17.9.5',
'17.9.5a',
'17.9.5b',
'17.9.5c',
'17.9.5d',
'17.9.5e',
'17.9.5f',
'17.9.6',
'17.9.6a',
'17.9.6b',
'17.9.7',
'17.9.7a',
'17.9.7b',
'17.10.1',
'17.10.1a',
'17.10.1b',
'17.11.1',
'17.11.1a',
'17.12.1',
'17.12.1a',
'17.12.1w',
'17.12.1x',
'17.12.1y',
'17.12.1z',
'17.12.1z1',
'17.12.1z2',
'17.12.1z3',
'17.12.1z4',
'17.12.2',
'17.12.2a',
'17.12.3',
'17.12.3a',
'17.12.4',
'17.12.4a',
'17.12.4b',
'17.12.5',
'17.12.5a',
'17.12.5b',
'17.12.5c',
'17.13.1',
'17.13.1a',
'17.14.1',
'17.14.1a',
'17.15.1',
'17.15.1a',
'17.15.1b',
'17.15.1w',
'17.15.1x',
'17.15.1y',
'17.15.1z',
'17.15.2',
'17.15.2a',
'17.15.2b',
'17.15.2c',
'17.15.3',
'17.15.3a',
'17.15.3b',
'17.15.4',
'17.16.1',
'17.16.1a',
'17.17.1',
'17.18.1'
);
var bid = 'CSCwq31287';
var smus = {};
if (model =~ "^C9(200|300|400|500|600|800)") smus['17.15.4'] = bid;
var workarounds = make_list(CISCO_WORKAROUNDS['snmp_v1_or_v2c_enabled'], CISCO_WORKAROUNDS['snmp_v3_enabled']);
var reporting = make_array(
'port' , product_info['port'],
'severity', SECURITY_WARNING,
'version' , product_info['version'],
'bug_id' , bid
);
cisco::check_and_report(
product_info:product_info,
workarounds:workarounds,
reporting:reporting,
smus:smus,
vuln_versions:version_list
);
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation