CVE-2025-20352 Not Detecting All Affected Versions?

Anyone else noticing that some versions that are included in the Cisco “Affected Versions” for this release are not properly detected in this CVE within IVM? We have several versions that are on the list that do not show as vulnerable (with multiple recent scans).

Thanks.

Hi, our vulnerability check looks not only at the affected version, but also at the model and the configuration of the device. As per the advisory, the vulnerability affects devices that have SNMP turned on:

Note: This vulnerability affects all versions of SNMP. All devices that have SNMP enabled and have not explicitly excluded the affected object ID (OID) should be considered vulnerable. For details on excluding the OID, see the Workarounds section of this advisory.

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-x4LPhte

Could it be that those devices do not have SNMP configured?

Martin Votruba
Principal Software Engineer @ Rapid7

These devices definitely do have SNMP configured at the moment.

Just chiming in.

We do not have Cisco devices in our environment. Do you have standalone Scan Engines or is your Security Console a hybrid? Have you made sure that the SNMP credentials have been added to the Security Console and are being included in your scans? Are your Cisco devices configured with v1/2 or v3? Hopefully the latter!

If they have SNMP configured, then we should be detecting this vulnerability. Could you please open a ticket with Support? Thanks

I put one in yesterday and provided the scan logs that were requested. I have not heard back since then.

I have had a look at your case and found the root cause: we are misfingerprinting your Cisco IOS XE instance as Cisco IOS. We are going to update our detection logic to fix this.

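As an added example (not Rapid7's detection logic and not Cisco code), the two checks this thread turns on, written in Python: first, deciding from a device's running configuration whether SNMP is enabled and whether the affected OID is reachable through any community or v3 group or is excluded from every view (the advisory's workaround); second, telling Cisco IOS from IOS XE using the SNMP sysDescr string, the misfingerprint identified as the root cause above. The OID, the configuration snippets and the sysDescr strings are constructed placeholders; the IOS-versus-IOS XE heuristic (an explicit XE marker, or an IOS XE-only 16.x/17.x version train) is an assumption of this example and a real fingerprint would also consult sysObjectID and the image name.

```python
"""Added example, not Rapid7 or Cisco code.

assess_snmp_exposure(): is SNMP enabled, and can the affected OID be read
    through any community/group, or is it excluded from every view?
fingerprint_cisco_os(): IOS vs IOS XE from sysDescr (heuristic, see below).

All OIDs, configs and sysDescr strings are constructed sample data.
"""
import re

# Placeholder only: substitute the OID named in the Cisco advisory's workaround.
AFFECTED_OID = "1.3.6.1.4.1.9.9.999"

# Symbolic subtree names Cisco accepts in 'snmp-server view' lines (partial map).
OID_NAMES = {"iso": "1", "internet": "1.3.6.1", "system": "1.3.6.1.2.1.1"}

VIEW_RE = re.compile(r"^snmp-server view (\S+) (\S+) (included|excluded)\s*$", re.M)
COMMUNITY_RE = re.compile(r"^snmp-server community (\S+)(?: view (\S+))?", re.M)
GROUP_RE = re.compile(r"^snmp-server group (\S+) v\S+(?: .*?\bread (\S+))?", re.M)
VERSION_RE = re.compile(r"\bVersion\s+(\d+)\.")


def _numeric(oid):
    """Translate a leading symbolic name (iso, internet, ...) to dotted form."""
    head, _, rest = oid.partition(".")
    head = OID_NAMES.get(head, head)
    return head + ("." + rest if rest else "")


def _is_prefix(prefix, oid):
    p, o = prefix.split("."), oid.split(".")
    return o[:len(p)] == p


def oid_visible_in_view(entries, oid):
    """VACM-style matching: the most specific subtree wins; no match = invisible."""
    best = None
    for subtree, action in entries:
        subtree = _numeric(subtree)
        if _is_prefix(subtree, oid) and (best is None or subtree.count(".") > best[0].count(".")):
            best = (subtree, action)
    return best is not None and best[1] == "included"


def assess_snmp_exposure(running_config, affected_oid=AFFECTED_OID):
    views = {}
    for name, subtree, action in VIEW_RE.findall(running_config):
        views.setdefault(name, []).append((subtree, action))
    accessors = [("community " + c, v or None) for c, v in COMMUNITY_RE.findall(running_config)]
    accessors += [("group " + g, v or None) for g, v in GROUP_RE.findall(running_config)]
    exposed, protected = [], []
    for label, view in accessors:
        # A community or group without a view can read the whole MIB tree.
        if view is None or oid_visible_in_view(views.get(view, []), affected_oid):
            exposed.append(label)
        else:
            protected.append(label)
    # No community and no group configured means the SNMP agent is not enabled.
    return {"snmp_enabled": bool(accessors), "exposed_via": exposed, "protected_via": protected}


def fingerprint_cisco_os(sysdescr):
    """Assumed heuristic: an 'IOS XE'/'IOS-XE'/'IOSXE' marker, or a 16.x/17.x
    version train (IOS XE only; classic IOS stops at 15.x), means IOS XE."""
    if "NX-OS" in sysdescr:
        return "NX-OS"
    if "IOS XR" in sysdescr:
        return "IOS XR"
    if re.search(r"IOS[ -]?XE", sysdescr):
        return "IOS XE"
    m = VERSION_RE.search(sysdescr)
    if "Cisco IOS Software" in sysdescr and m:
        return "IOS XE" if int(m.group(1)) >= 16 else "IOS"
    return "unknown"


# Constructed sample configurations.
CFG_DEFAULT = "hostname sw1\nsnmp-server community public RO\nsnmp-server location DC1\n"
CFG_WORKAROUND = (
    "snmp-server view NO_AFFECTED iso included\n"
    "snmp-server view NO_AFFECTED 1.3.6.1.4.1.9.9.999 excluded\n"
    "snmp-server community public view NO_AFFECTED RO\n"
    "snmp-server group MON v3 priv read NO_AFFECTED\n"
)
CFG_MIXED = CFG_WORKAROUND + "snmp-server group LEGACY v3 priv\n"
CFG_NO_SNMP = "hostname r1\ninterface Gi0/0\n"

# Constructed sysDescr strings modelled on the real format.
SYSDESCR = {
    "ios": "Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 15.2(2)E9, RELEASE SOFTWARE (fc3)",
    "xe_16": "Cisco IOS Software [Fuji], Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version 16.9.4, RELEASE SOFTWARE (fc2)",
    "xe_17": "Cisco IOS XE Software, Version 17.09.04a",
    "xe_3": "Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSALK9-M), Version 03.06.07.E RELEASE SOFTWARE (fc3)",
    "nxos": "Cisco NX-OS(tm) n9000, Software (n9000-dk9), Version 9.3(8)",
}

if __name__ == "__main__":
    for name, cfg in [("default", CFG_DEFAULT), ("workaround", CFG_WORKAROUND), ("mixed", CFG_MIXED)]:
        print(name, assess_snmp_exposure(cfg))
    for name, descr in SYSDESCR.items():
        print(name, "->", fingerprint_cisco_os(descr))
```

The "xe_16" sysDescr is the interesting case for this thread: it carries no XE marker at all, so a fingerprint that only pattern-matches "Cisco IOS Software" files the device as classic IOS, and the version train is what separates the two. On the configuration side, note that a community or v3 group with no view attached is counted as exposed even when a restrictive view exists elsewhere in the config, which is exactly the condition the advisory's note describes.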

Thank you for the update, Martin. It is appreciated. Will the case be updated stating when the logic has changed, so that I can get them re-scanned as quickly as possible?

Thanks

The fix has been released in the latest content update 1.1.3717. @mblough you should be able to re-scan once you receive this update.

Have a nice weekend,
Martin


Thanks, I will check back on Monday.


This didn’t appear to fix anything in my environment.

@mblough were you able to resolve this by working with your network admin to permit the Rapid7 scan engine to target the Cisco device(s) via SNMP?

Yes, the SNMP fingerprint seems to be working much better. We have been much more successful in getting the correct OSes on these devices.
