ET WEB_SERVER Cisco IOS Authenticated SNMP Remote Code Execution (CVE-2025-20352)
Source: et/open
Created: May 5, 2026
Updated: May 5, 2026
Classification: attempted-user
alert snmp any any -> $HOME_NET 161 (msg:"ET WEB_SERVER Cisco IOS Authenticated SNMP Remote Code Execution (CVE-2025-20352)"; flow:established,to_server; content:"|30|"; depth:1; byte_test:1,<,0x80,1; byte_test:1,<,0x02,4; content:"|06 0D 2B 06 01 04 01 09 09 85 10 01 04 02 01|"; fast_pattern; pcre:"/^.{0,256}(?:\x24\x28|\x3b|\x7c|\x60)/R"; reference:url,www.trendmicro.com/en_us/research/25/j/operation-zero-disco-cisco-snmp-vulnerability-exploit.html; reference:cve,2025-20352; classtype:attempted-user; sid:2069171; rev:1; metadata:affected_product Cisco_IOS, attack_target Networking_Equipment, created_at 2026_05_05, cve CVE_2025_20352, deployment Perimeter, deployment Internal, confidence Medium, signature_severity Major, updated_at 2026_05_05; target:dest_ip;)
References
Metadata
affected product: Cisco_IOS
attack target: Networking_Equipment
created at: 2026_05_05
deployment: Internal
confidence: Medium
signature severity: Major
updated at: 2026_05_05