Ssh-2.0-cisco-1.25 Vulnerability Extra Quality | 2027 |

Many Cisco devices using the SSH stack were found to be vulnerable to the Terrapin attack .

Security research reports from April 2025 highlighted significant global exposure for devices identifying as "SSH-2.0-Cisco-1.25". Approximately 92,000 exposed instances found. Censys: Over 103,000 instances identified. FOFA: Up to 309,000 instances detected. Related Historical Vulnerabilities

If it connects without warning → vulnerable. ssh-2.0-cisco-1.25 vulnerability

Check Cisco’s advisory for your exact hardware and feature set.

A significant vulnerability in the SSH version 2 protocol implementation allows unauthenticated, remote attackers to bypass user authentication. To exploit this, an attacker must know a valid username configured for RSA-based authentication. Many Cisco devices using the SSH stack were

ssh -v user@<cisco-device-ip> 2>&1 | grep "SSH-2.0-Cisco"

The format of an SSH protocol banner is strictly defined by Internet Engineering Task Force (IETF) standards to ensure interoperability during the initial connection handshake. Censys: Over 103,000 instances identified

Look for SSH-2.0-Cisco-1.25 and then check supported KEX/algorithms. Older banners often still allow diffie-hellman-group1-sha1 (weak).

Many Cisco devices using the SSH stack were found to be vulnerable to the Terrapin attack .

If it connects without warning → vulnerable.

Check Cisco’s advisory for your exact hardware and feature set.

ssh -v user@<cisco-device-ip> 2>&1 | grep "SSH-2.0-Cisco"

The format of an SSH protocol banner is strictly defined by Internet Engineering Task Force (IETF) standards to ensure interoperability during the initial connection handshake.

Look for SSH-2.0-Cisco-1.25 and then check supported KEX/algorithms. Older banners often still allow diffie-hellman-group1-sha1 (weak).