This article will dissect exactly what SSH-2.0-Cisco-1.25 means, explore the real vulnerabilities tied to this SSH implementation, distinguish between myth and fact, and provide a definitive guide to remediation.

PORT   STATE SERVICE VERSION
22/tcp open  ssh     SSH-2.0-Cisco-1.25
| ssh-hostkey:
|   1024 8a:fd:ec:e5:11:22:33:44:55:66:77:88:99:aa:bb:cc (DSA)
|   2048 ab:cd:ef:12:34:56:78:90:12:34:56:78:90:12:34:56 (RSA)
|_  256 fe:dc:ba:98:76:54:32:10:ab:cd:ef:gh:ij:kl:mn:op (ECDSA)
| ssh2-algos:
|   kex_algorithms: (1)
|       diffie-hellman-group1-sha1   <-- VULNERABLE (Logjam)
|   server_host_key_algorithms: (2)
|       ssh-rsa
|       ssh-dss                      <-- VULNERABLE (1024-bit DSA is weak)
|   encryption_algorithms: (4)
|       aes128-cbc                   <-- WEAK (CBC Mode)
|       3des-cbc                     <-- WEAK (Sweet32)
|       aes192-cbc
|       aes256-cbc

ssh -v user@<cisco-device-ip> 2>&1 | grep -i "remote software version"   # OpenSSH prints the banner's software field here, e.g. Cisco-1.25
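An added example, not part of the original article: a small Python audit that reads scan output in the layout shown above, pulls the software version out of the banner, and reports the algorithms that the scan annotations mark as weak. The sample text is constructed from that output with the hand-written notes removed, and applying the CBC-mode finding to every `-cbc` cipher is an assumption that goes beyond the single cipher annotated there.

```python
import re

# Findings taken from the annotations in the scan output above.
FLAGGED = {
    "diffie-hellman-group1-sha1": "VULNERABLE (Logjam)",
    "ssh-dss": "VULNERABLE (1024-bit DSA is weak)",
    "3des-cbc": "WEAK (Sweet32)",
}
# RFC 4253 section 4.2: SSH-protoversion-softwareversion [SP comments]
BANNER_RE = re.compile(r"SSH-(?P<proto>[^-\s]+)-(?P<software>\S+)")
SECTION_RE = re.compile(r"^\|[ _]+(\w+): \(\d+\)$")
ALGO_RE = re.compile(r"^\|[ _]+([\w@.+-]+)$")

# Constructed sample: the scan output above with the hand-written notes removed.
SAMPLE = """\
22/tcp open ssh SSH-2.0-Cisco-1.25
| ssh2-algos:
|   kex_algorithms: (1)
|       diffie-hellman-group1-sha1
|   server_host_key_algorithms: (2)
|       ssh-rsa
|       ssh-dss
|   encryption_algorithms: (4)
|       aes128-cbc
|       3des-cbc
|       aes192-cbc
|_      aes256-cbc
"""

def audit(scan_text):
    """Return (software_version, [(section, algorithm, finding), ...])."""
    banner = BANNER_RE.search(scan_text)
    software = banner.group("software") if banner else None
    section, findings = None, []
    for line in map(str.rstrip, scan_text.splitlines()):
        if m := SECTION_RE.match(line):
            section = m.group(1)
        elif section and (m := ALGO_RE.match(line)):
            alg = m.group(1)
            # Assumption: every *-cbc cipher gets the CBC-mode finding.
            note = FLAGGED.get(alg) or ("WEAK (CBC Mode)" if alg.endswith("-cbc") else None)
            if note:
                findings.append((section, alg, note))
    return software, findings

if __name__ == "__main__":
    software, findings = audit(SAMPLE)
    print("software version:", software)
    for section, alg, note in findings:
        print(f"{section}: {alg} -> {note}")
```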

The identifier is not a standard CVE (Common Vulnerabilities and Exposures) number, but rather a specific SSH banner string observed on some older Cisco devices.

But is this a critical zero-day exploit? A backdoor? A misconfiguration?