Ssh-2.0-cisco-1.25 Vulnerability Page

The identifier is not a specific vulnerability itself, but rather the SSH banner string that many Cisco IOS and IOS XE devices use to identify their software version during an SSH handshake. When vulnerability scanners flag this string, they are typically reporting that the device is susceptible to a broader protocol-level flaw, most commonly the Terrapin Attack (CVE-2023-48795). What is the SSH-2.0-Cisco-1.25 "Vulnerability"?

Log into the device and run:

Devices reporting ssh-2.0-cisco-1.25 often default to outdated Key Exchange (Kex) algorithms, such as diffie-hellman-group1-sha1 . This algorithm uses a 768-bit prime modulus, which is computationally feasible to break with sufficient resources (e.g., a nation-state or well-funded attacker). Modern standards require 2048-bit (group14) or higher. ssh-2.0-cisco-1.25 vulnerability

Rosa was the network engineer for a small regional hospital. One quiet Sunday she noticed unusual login attempts on a Cisco router that connected the hospital’s outpatient clinics. The logs showed a banner string: “SSH-2.0-Cisco-1.25.” She recognized the banner from a vendor advisory she’d skimmed weeks earlier but had never fully investigated. The identifier is not a specific vulnerability itself,

UA Flag
Activity
 Admin contact
23,627 posts in 4,987 threads, 1,570 registered users;
117 visitors (0 registered, 117 guests [including 26 identified bots]).
Forum time: 00:46 CEST (Europe/Vienna)

The whole purpose of education is
to turn mirrors into windows.    Sydney J. Harris

The Bioequivalence and Bioavailability Forum is hosted by
BEBAC Ing. Helmut Schütz
HTML5