Vulnerability | Ssh-2.0-cisco-1.25

The string SSH-2.0-Cisco-1.25 is the SSH server banner typically seen when connecting to Cisco IOS or IOS-XE devices. This banner itself is a version string, not a specific vulnerability, but its presence indicates the device is running a version of the Cisco SSH implementation that may be susceptible to several known protocol-level and implementation-specific vulnerabilities.

Key Vulnerabilities Associated with Cisco SSH

Cisco-1.25: Refers to a specific legacy version of the Cisco SSH stack found in various Cisco IOS, IOS XE, and older PIX/ASA software releases.

The SSH-2.0-Cisco-1.25 vulnerability is a serious security issue that requires immediate attention. By understanding the vulnerability and taking steps to mitigate it, organizations can protect their Cisco devices and prevent potential security breaches.

Example: SSH-2.0-Cisco-1.25

4. Weak Key Exchange Algorithms (Not a CVE, but a Risk)

Devices reporting ssh-2.0-cisco-1.25 often default to outdated Key Exchange (Kex) algorithms, such as diffie-hellman-group1-sha1. This algorithm uses a 768-bit prime modulus, which is computationally feasible to break with sufficient resources (e.g., a nation-state or well-funded attacker). Modern standards require 2048-bit (group14) or higher.

Because this version is dated, scanners frequently flag it for supporting weak cryptographic algorithms or for being susceptible to protocol-level attacks discovered in recent years.

Top Vulnerabilities Linked to This Version

1. Cisco IOS SSH v1 Deprecation Issue (CVE-2011-0764)

While not exclusively tied to 1.25, many devices with this banner have SSHv1 compatibility enabled by default. SSHv1 contains fundamental cryptographic weaknesses (e.g., CRC-32 integrity check vulnerability). A successful attack could allow session hijacking or insertion of malicious data.
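The two checks described above (weak key exchange offers and SSHv1 compatibility) can be run against a recorded banner and KEXINIT payload. This is an added audit example, not code from the original page or from Cisco; the function names, the WEAK_KEX policy set and the sample inputs are assumptions constructed for illustration.

```python
import struct

# Assumption for this example: kex methods treated as weak. The page names
# diffie-hellman-group1-sha1; extend the set to match local policy.
WEAK_KEX = {"diffie-hellman-group1-sha1"}

def parse_banner(line):
    """Split an RFC 4253 identification string: SSH-protoversion-softwareversion[ SP comments]."""
    ident = line.rstrip("\r\n").split(" ", 1)[0]
    parts = ident.split("-", 2)
    if len(parts) != 3 or parts[0] != "SSH":
        raise ValueError("not an SSH identification string")
    proto, software = parts[1], parts[2]
    # A 1.x protoversion, including 1.99, means SSHv1 clients are accepted (RFC 4253, 5.1)
    return {"proto": proto, "software": software,
            "sshv1_accepted": proto.startswith("1.")}

def parse_kexinit(payload):
    """Return the kex_algorithms name-list from an SSH_MSG_KEXINIT payload."""
    if len(payload) < 21 or payload[0] != 20:   # 20 = SSH_MSG_KEXINIT
        raise ValueError("not a KEXINIT payload")
    # The first name-list starts after the type byte and the 16-byte cookie
    (n,) = struct.unpack_from(">I", payload, 17)
    if 21 + n > len(payload):
        raise ValueError("truncated name-list")
    names = payload[21:21 + n].decode("ascii")
    return names.split(",") if names else []

def audit(banner, kexinit):
    """Return the parsed banner and a list of findings for one server."""
    info = parse_banner(banner)
    kex = parse_kexinit(kexinit)
    findings = []
    if info["sshv1_accepted"]:
        findings.append("SSHv1 compatibility advertised")
    findings += ["weak kex offered: " + k for k in kex if k in WEAK_KEX]
    return info, findings

def make_kexinit(kex_names):
    """Build a constructed KEXINIT payload (zero cookie, other lists empty)."""
    def name_list(names):
        raw = ",".join(names).encode("ascii")
        return struct.pack(">I", len(raw)) + raw
    return (b"\x14" + bytes(16) + name_list(kex_names)
            + name_list([]) * 9 + b"\x00" + struct.pack(">I", 0))

# Constructed sample input, not captured from a real device.
SAMPLE_BANNER = "SSH-1.99-Cisco-1.25\r\n"
SAMPLE_KEXINIT = make_kexinit(["diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1"])

if __name__ == "__main__":
    print(audit(SAMPLE_BANNER, SAMPLE_KEXINIT))
```

A device that reports SSH-2.0-Cisco-1.25 and offers only group14 returns no findings from this check, which is the state the hardening steps aim for.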

❌ Common Misconceptions

  • Not a backdoor.
  • Not a default credential issue (unless weak passwords exist separately).
  • Not an SSH buffer overflow like in some OpenSSH CVEs.

! Add an ACL to management plane (Control Plane Policing or management ACL)
access-list 100 permit tcp host 192.168.1.100 any eq 22
access-list 100 deny tcp any any eq 22
line vty 0 4
 access-class 100 in
