A: No. Modern Cisco platforms run a completely different SSH stack (often based on OpenSSH) and report different version strings (e.g., SSH-2.0-Cisco-2.0 or SSH-2.0-OpenSSH_8.2).
Ensure SSH version 2 is still enabled and that the banner changes to a newer string (e.g., SSH-2.0-Cisco-1.26 or higher).
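One way to automate that post-upgrade check is sketched below. It is an added example, not code from the original page or from Cisco. The function names, the dotted-integer comparison of the Cisco tag, and the sample banners are assumptions made for illustration; the 1.26 threshold is the one quoted above.

```python
import re

# RFC 4253 sec. 4.2: "SSH-protoversion-softwareversion SP comments".
# Cisco's tag itself contains '-', so software runs up to the first space.
_ID_RE = re.compile(r"^SSH-(?P<proto>[^-\s]+)-(?P<software>\S+)(?: (?P<comments>.*))?$")
_CISCO_RE = re.compile(r"^Cisco-(\d+)\.(\d+)$")
MIN_CISCO = (1, 26)  # from the page: "SSH-2.0-Cisco-1.26 or higher"


def parse_banner(line):
    """Split an SSH identification string into (proto, software, comments)."""
    m = _ID_RE.match(line.rstrip("\r\n"))
    if not m:
        raise ValueError(f"not an SSH identification string: {line!r}")
    return m.group("proto"), m.group("software"), m.group("comments")


def check_banner(line):
    """Return (ok, reason) for one banner read from the device after upgrade."""
    try:
        proto, software, _ = parse_banner(line)
    except ValueError as exc:
        return False, str(exc)
    if proto == "1.99":
        # RFC 4253 sec. 5.1: 1.99 means the server also accepts SSHv1 clients.
        return False, "SSHv1 compatibility still enabled (protoversion 1.99)"
    if proto != "2.0":
        return False, f"SSH version 2 not offered (protoversion {proto})"
    m = _CISCO_RE.match(software)
    if m is None:
        return True, f"non-Cisco-tagged stack: {software}"
    version = (int(m.group(1)), int(m.group(2)))  # assumed dotted-integer order
    if version < MIN_CISCO:
        return False, f"banner still reports Cisco-{version[0]}.{version[1]}"
    return True, f"banner reports Cisco-{version[0]}.{version[1]}"


# Constructed sample banners (not captured from real devices).
SAMPLES = [
    "SSH-2.0-Cisco-1.25\r\n",
    "SSH-1.99-Cisco-1.25\r\n",
    "SSH-2.0-Cisco-2.0\r\n",
    "SSH-2.0-OpenSSH_8.2\r\n",
]

if __name__ == "__main__":
    for banner in SAMPLES:
        ok, reason = check_banner(banner)
        print(("PASS" if ok else "FAIL"), banner.strip(), "-", reason)
```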
| CVE | Description | Fixed in |
|------|-------------|-----------|
| | SSHv2 server DoS via crafted SSH packet → reload | IOS 15.1(2)T, 15.2(1)T |
| CVE-2015-6274 | Algorithm negotiation bypass → weak encryption forced | IOS 15.4(3)M, 15.5(3)M |
| CVE-2016-6376 | Memory exhaustion via multiple SSHv2 key exchanges | IOS 15.5(3)M3 |
| CVE-2018-0151 | Remote code execution via SSHv2 (rare, but present in older banners) | IOS 15.6(3)M2 |
The “Cisco-1.25” likely refers to an internal version tag used in Cisco’s SSH implementation. This may correspond to: