Cisco IOS Software Industrial Ethernet Switch Device Manager Privilege Escalation Vulnerability
TL;DR 📌
A privilege escalation vulnerability has been identified in the Cisco IOS Software Industrial Ethernet Switch Device Manager. This issue could allow authenticated remote attackers to elevate their privileges. The vulnerability has a CVSS score of 8.3 (High severity). Cisco has released software updates to address this vulnerability, and there are no workarounds available.
What happened 🕵️♂️
A vulnerability in the Cisco Industrial Ethernet Switch Device Manager (DM) of Cisco IOS Software allows an authenticated remote attacker to elevate privileges due to insufficient validation of authorizations for authenticated users. By sending a crafted HTTP request to an affected device, an attacker with valid credentials for a user account with privilege level 5 or higher could exploit this vulnerability to gain privilege level 15.
Affected products 🖥️
This vulnerability affects the following Cisco Industrial Ethernet Series Switches when running a vulnerable release of Cisco IOS Software with HTTP enabled:
- IE 2000 Series
- IE 4000 Series
- IE 4010 Series
- IE 5000 Series
To check if the HTTP Server feature is enabled, use the command show running-config | include ip http server|secure|active in the CLI.
Fixed software 🔧
Upgrade to at least the first fixed release in your train (or later):
| Product / Release Train | First Fixed Release | Notes |
|---|---|---|
| ISE / ISE-PIC 1.0 | Initial public release. |
Workarounds 🧯
There are no workarounds that directly address this vulnerability. However, disabling the HTTP Server feature can eliminate the attack vector. To do this, use the commands no ip http server and no ip http secure-server in global configuration mode. Customers should evaluate the impact of this mitigation in their own environments before implementation.
Risk in context 🎯
With a CVSS score of 8.3, this vulnerability poses a significant risk, especially for environments where the affected devices are accessible over the network. Organizations should prioritize applying the available software updates to mitigate potential exploitation.
Fast facts ⚡
- Vulnerability ID: CVE-2025-20164
- CVSS Score: 8.3 (High)
- Affected Products: Cisco Industrial Ethernet Switches (IE 2000, 4000, 4010, 5000 Series)
- Exploitation: Requires valid credentials for a user account with privilege level 5 or higher.
- Mitigation: Disable HTTP Server feature.
For leadership 🧭
This advisory highlights a critical vulnerability that could allow unauthorized privilege escalation in Cisco Industrial Ethernet Switches. It is essential for IT leadership to ensure that affected devices are updated promptly and that the HTTP Server feature is disabled if immediate updates cannot be applied. Regularly reviewing security advisories and maintaining up-to-date software is crucial for safeguarding network integrity.