Vulnerability [updated] - Ssh-2.0-cisco-1.25

: A flaw in the SSHv2 public key authentication implementation could allow a remote attacker to bypass user authentication by using a crafted private key. This requires the attacker to know a valid username and the corresponding public key. SSH Denial of Service (CVE-2020-3200)

: A vulnerability in the SSH state machine of Cisco IOS and IOS-XE Software could allow an authenticated, remote attacker to cause the device to reload by sending a specific traffic pattern, leading to a Denial of Service (DoS). Terrapin Attack (CVE-2023-48795) ssh-2.0-cisco-1.25 vulnerability

Most security scanners (Nessus, Qualys, OpenVAS) flag SSH-2.0-Cisco-1.25 as – not critical alone, but a strong indicator the device is outdated. : A flaw in the SSHv2 public key

Security scanners do not flag ssh-2.0-cisco-1.25 as a vulnerability itself. They flag it because . If SSH is not required and the device

If SSH is not required and the device cannot be upgraded, disable the SSH service entirely and manage the device via console cable (out-of-band management) to remove the remote attack vector.

If you see this banner, the device is likely vulnerable to one or more of the following: