NopeCHAToggle navigationGitHubDiscordChromeFireFoxEdgePythonNode.jsNode.jsPython fileJavaScript fileSign inSign outCheckLight themeDark themeAuto themeSubscriptionsBillingActivityProfileCoinbase commerceStripePayPalCredit cardPlusEditCollapseExpandLinkCopyListPackageSearch

Ssh-2.0-cisco-1.25 Vulnerability

Older Cisco SSH stacks often default to algorithms now considered "broken" or "weak":

However, "Cisco-1.25" is found across many different IOS versions. Depending on which IOS version you are running, your device might be vulnerable to several real, documented threats: SSH Terrapin Prefix Truncation Weakness - Cisco Community

SSH0: Exchanging versions - SSH-2.0-Cisco-1.25 SSH0: send SSH message: outdated is NULL server version string: SSH-2.0-Cisco-1.25 ssh-2.0-cisco-1.25 vulnerability

Prevent protocol downgrade vulnerabilities (like Terrapin) by disabling weak, legacy encryption ciphers and message authentication codes (MACs) within global configuration mode:

that a Cisco device sends when a connection is initiated over port 22. Cisco Community Older Cisco SSH stacks often default to algorithms

To prevent similar vulnerabilities in the future, administrators should:

Where possible, replace password-based SSH authentication with strong, ed25519 or RSA (3072-bit or higher) key pairs. This eliminates the risk of password brute-forcing and mitigates several classes of authentication vulnerabilities. Key-based authentication should be enforced alongside proper revocation mechanisms to prevent unauthorized access if a key is compromised. This eliminates the risk of password brute-forcing and

When an automated compliance audit flags this banner, it signals that the target network infrastructure may be susceptible to authentication bypasses, denial-of-service (DoS) conditions, or cryptographic weaknesses. Anatomy of the Handshake Banner

While the banner itself is not a vulnerability, it indicates that the device is running a specific version of Cisco's proprietary SSH code. As of early 2026, this version has been linked to several critical security flaws, most notably a recent Unauthenticated Remote Code Execution (RCE) vulnerability. Vulnerability Overview: Unauthenticated RCE A major vulnerability (tracked as cisco-sa-erlang-otp-ssh-xyZZy

A successful exploit allows for unauthenticated remote code execution (RCE) on the target system. This can lead to full system compromise, including unauthorized data access and denial of service (DoS).

For older Cisco environments, indicates that the device mandates the secure SSH version 2.0 protocol while operating on an older internal Cisco SSH code branch ( Cisco-1.25 ). Security scanning engines parse this plaintext banner during passive reconnaissance to match the asset against historically documented vulnerabilities. Associated Historical Vulnerabilities