What's Happening?
Trend Micro has reported a campaign, which it calls Operation ZeroDisco, that exploits CVE-2025-20352, a vulnerability in the SNMP subsystem of Cisco IOS and IOS XE, to install rootkits on older Cisco devices. The flaw was a zero-day when the attacks began; Cisco patched it in September 2025, but devices that have not been updated remain exposed. Observed targets include Cisco Catalyst 9400 and 9300 series switches and legacy 3750G devices, mostly older systems that run no endpoint detection. The rootkit sets a universal password that lets the attackers log in regardless of the configured credentials, and the campaign pairs the SNMP exploit with a separate Telnet flaw to achieve remote code execution and lateral movement across the network.
Why It's Important?
The campaign shows how much risk sits in older network infrastructure. CVE-2025-20352 is reachable over SNMP by anyone holding a valid SNMPv1/v2c community string or SNMPv3 credentials, so devices that still expose SNMP with default or widely shared community strings are the easiest targets. Once a rootkit is in place on a switch it persists with privileged access, and because few of these devices run endpoint detection it can go unnoticed while the attacker uses the foothold for data theft, unauthorized access to adjacent systems, and disruption of service. Organizations running these devices need to apply the September update, restrict SNMP to trusted management hosts, and treat any unpatched device that was reachable as potentially compromised. The incident underscores why regular patching and lifecycle replacement of network equipment matter: a legacy platform that no longer receives fixes cannot be secured by configuration alone.
What's Next?
Organizations with affected Cisco devices should contact Cisco TAC for a thorough investigation and remediation; applying the patch closes the entry point but does not remove a rootkit that is already installed. Trend Micro advises monitoring for unusual network activity and deploying endpoint detection where the platform supports it. The cybersecurity community is likely to collaborate on tools for detecting and mitigating this class of implant, and Cisco is expected to issue further guidance and updates to help affected users secure their systems.
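The exposure this campaign relies on, as described in the summary above, is SNMP reachable with v1/v2c community strings from arbitrary sources, plus Telnet open on the management lines. The script below is an added example written for this page, not code from Trend Micro, Cisco or the report; it audits a `show running-config` export for those settings and reports each weak one. Both configuration excerpts are constructed for a hypothetical switch (the hostname, ACL name, community and SNMPv3 credentials are placeholders), and the check covers only the obvious patterns: a clean result means the configuration is tighter, not that the device is patched against CVE-2025-20352 or free of a rootkit.

```python
"""Audit a Cisco IOS running-config export for SNMP and Telnet exposure.

Added example for this page; the two configs below are constructed and are
not taken from any real device or from the Trend Micro report.
"""
import re
from typing import List

# Constructed "before" excerpt: well-known community strings, no ACL, Telnet on vty.
WEAK_CONFIG = """\
hostname core-sw-1
snmp-server community public RO
snmp-server community private RW
line vty 0 4
 transport input telnet ssh
 login local
"""

# Constructed "after" excerpt: ACL-restricted community, SNMPv3 authPriv, SSH only.
HARDENED_CONFIG = """\
hostname core-sw-1
ip access-list standard SNMP-MGMT
 permit 10.0.10.5
snmp-server community s3cr3tR0 RO SNMP-MGMT
snmp-server group NETMON v3 priv
snmp-server user netmon NETMON v3 auth sha AuthPass123 priv aes 128 PrivPass123
line vty 0 4
 transport input ssh
 login local
"""

# 'snmp-server community <string> [view <name>] RO|RW [<acl>]'
COMMUNITY_RE = re.compile(r"^snmp-server community (\S+)(?: view \S+)? (RO|RW)(?: (\S+))?$")
# Named or numbered ACL definitions that a community line may reference.
ACL_DEF_RE = re.compile(r"^(?:ip access-list (?:standard|extended) (\S+)|access-list (\d+) )")
GROUP_RE = re.compile(r"^snmp-server group (\S+) v3 (noauth|auth|priv)\b")
TRANSPORT_RE = re.compile(r"^ transport input (.+)$")
DEFAULT_COMMUNITIES = {"public", "private"}


def audit_config(config: str) -> List[str]:
    """Return one finding per weak SNMP or vty setting; an empty list means clean."""
    lines = [ln.rstrip() for ln in config.splitlines()]

    # Pass 1: ACLs can be defined after the lines that reference them.
    defined_acls = set()
    for ln in lines:
        m = ACL_DEF_RE.match(ln)
        if m:
            defined_acls.add(m.group(1) or m.group(2))

    findings: List[str] = []
    in_vty = False
    for ln in lines:
        m = COMMUNITY_RE.match(ln)
        if m:
            name, mode, acl = m.groups()
            if name.lower() in DEFAULT_COMMUNITIES:
                findings.append(f"well-known community string '{name}' ({mode})")
            if acl is None:
                findings.append(f"community '{name}' ({mode}) is reachable from any source (no ACL)")
            elif acl not in defined_acls:
                findings.append(f"community '{name}' references ACL '{acl}' that is not defined here")
            if mode == "RW":
                findings.append(f"read-write community '{name}' permits configuration changes over SNMP")
            continue
        g = GROUP_RE.match(ln)
        if g and g.group(2) == "noauth":
            findings.append(f"SNMPv3 group '{g.group(1)}' allows unauthenticated access")
            continue
        if ln.startswith("line vty"):
            in_vty = True
            continue
        if in_vty and not ln.startswith(" "):
            in_vty = False  # left the indented vty block
        if in_vty:
            t = TRANSPORT_RE.match(ln)
            if t and ({"telnet", "all"} & set(t.group(1).split())):
                findings.append("vty lines accept Telnet (transport input includes telnet/all)")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"[{label}]")
        for finding in audit_config(cfg) or ["no findings"]:
            print("  -", finding)
```

Feed it the text of `show running-config` from each device; the weak excerpt yields six findings (two default community strings, neither restricted by an ACL, one of them read-write, and Telnet enabled on the vty lines) and the hardened one yields none. The ACL check is deliberately two-pass because IOS prints access lists before or after the `snmp-server` lines depending on platform, and a community that names an ACL the config never defines is flagged so the restriction can be verified rather than assumed.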