Mallory

Cisco Initiative to Address Security Risks in Aging Network Infrastructure

Updated November 20, 2025 at 08:04 PM. 3 sources.


Cisco has announced a new initiative, "Resilient Infrastructure," aimed at mitigating the security risks posed by aging and unsupported network equipment, including routers and switches. The company is responding to the growing threat landscape, where generative AI is making it easier for attackers to exploit vulnerabilities in legacy devices, many of which are no longer supported with security patches or updates. Cisco's effort includes research, industry outreach, and technical changes to how it manages its own legacy products, with a focus on both its own and other vendors' equipment still in use.

As part of this initiative, Cisco will begin issuing explicit warnings to customers when their devices are approaching end-of-life or are configured insecurely. Over time, the company plans to disable insecure options by default and eventually remove them entirely from its products. This move comes after analyses revealed that Chinese nation-state actors have exploited known vulnerabilities in Cisco equipment during high-profile attacks on telecom providers. Cisco's approach aims to make secure configurations the default and to proactively alert administrators to risky settings, thereby reducing the attack surface presented by outdated infrastructure.


Related Stories

Risks from Legacy and Unpatched Systems in Critical Infrastructure

A new Cisco report highlights the growing risk posed by legacy and unsupported systems within national critical infrastructure, revealing that nearly half of global business network assets were already aging or obsolete as of 2020. The United Kingdom, in particular, faces significant exposure, with 228 legacy systems identified across government in 2024 and over a quarter at high risk of operational or security failure. The report underscores that unsupported systems, often located at network edges, are prime targets for attackers, and that a majority of breaches in the EU during 2022 and 2023 exploited vulnerabilities with available but unapplied patches. Healthcare and other essential sectors are especially vulnerable due to concentrated use of outdated technology. Recent cyberattacks have increasingly targeted legacy firewalls and network devices, with state-sponsored groups exploiting known vulnerabilities in products from vendors such as Cisco, SonicWall, Palo Alto Networks, and Fortinet. Research indicates that 60% of enterprise firewalls fail high-severity compliance checks, reflecting deeper governance and patch management issues. Attackers are leveraging these weaknesses, often chaining exploits across network edges and VPNs, while defenders struggle with fragmented vendor alerts and outdated risk frameworks. The persistent use of unsupported technology and delayed patching continues to undermine national resilience and exposes critical infrastructure to significant cyber threats.

3 months ago

Active Exploitation of Cisco SNMP Vulnerability CVE-2025-20352 in IOS and IOS XE Devices

A critical security vulnerability, CVE-2025-20352, has been identified in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE software, affecting a wide range of Cisco networking devices. This stack overflow flaw allows remote attackers with valid SNMP credentials to send specially crafted SNMP packets over IPv4 or IPv6, potentially causing denial-of-service (DoS) by forcing device reloads or, in more severe cases, enabling remote code execution as root. The vulnerability impacts all SNMP versions (v1, v2c, v3) and has been confirmed to affect both legacy and modern modular Cisco operating systems, including Meraki MS390 and Catalyst 9300 Series Switches running Meraki CS 17 and earlier. Reports indicate that up to 2 million devices globally, including those operated by ISPs and cloud providers, are potentially exposed to this vulnerability. The flaw was discovered during a Cisco Technical Assistance Center (TAC) support case and has already been exploited in the wild, prompting its addition to the CISA Known Exploited Vulnerabilities (KEV) catalog on September 29th, 2025. The exploitation of this vulnerability represents a significant escalation, as attackers have demonstrated the ability to gain administrator-level credentials and full device compromise. Rockwell Automation has issued an advisory confirming that its Lifecycle Services, specifically the Industrial Data Center (IDC) with Cisco Switching (Generations 1–5), are affected by this vulnerability. Rockwell has provided guidance on corrected software versions and available workarounds to mitigate the risk. The vulnerability poses a substantial threat to the backbone of enterprise, industrial, and service provider networks, given the widespread deployment of affected Cisco devices. Cisco’s response to the incident was initiated only after evidence of active exploitation emerged, underscoring the urgency of patching and mitigation. 
Organizations are strongly advised to update to the corrected Cisco software versions as soon as possible and to implement any recommended workarounds to reduce exposure. The incident highlights the ongoing risks associated with SNMP-enabled network infrastructure and the importance of credential management and network segmentation. Security teams should prioritize the identification of vulnerable devices and monitor for signs of exploitation. The rapid exploitation and large attack surface associated with CVE-2025-20352 make it a high-priority threat for organizations relying on Cisco networking equipment.

5 months ago

CISA Binding Operational Directive to Remove End-of-Life Edge Devices Amid Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (**CISA**) issued a **Binding Operational Directive (BOD)** ordering federal civilian agencies to identify and remove **end-of-life/end-of-service (EOS)**, internet-facing **edge devices**—citing **widespread active exploitation** by sophisticated threat actors, including activity with **ties to nation-states**. CISA warned that unsupported devices remain in service long after vendors stop providing firmware and security updates, making them persistently vulnerable to exploitation and a recurring entry point for high-impact intrusions. The directive requires agencies to inventory unsupported edge devices within **three months**, **decommission/replace** identified EOS devices on an accelerated timeline (reported as **within one year** for removal), and establish ongoing processes for **continuous discovery/monitoring** to prevent unsupported technologies from re-entering networks. Device categories called out include common perimeter and network infrastructure such as **firewalls, routers, load balancers, switches, wireless access points, network security appliances, and IoT edge devices**; CISA is also producing a government-wide list of EOS edge devices to guide compliance. Officials emphasized the action is **not tied to a single incident**, but reflects the sustained risk and observed exploitation of unsupported edge infrastructure across federal environments, while encouraging non-federal organizations to adopt similar practices.

1 month ago
