Improper resource management and logic errors during SSH session negotiation.

Remote and unauthenticated. An attacker does not need valid credentials to crash the device.

Devices running Cisco IOS 12.4-based releases.

The vulnerability lies within the server-side SSH implementation. It allows an attacker to send crafted packets during the SSH session establishment phase.

Use CoPP to drop unauthorized SSH packets before they reach the device's route processor.

The most effective remediation is to apply the relevant patch provided by Cisco Support .

While modern Cisco NX-OS and IOS XE have faced their own SSH-related vulnerabilities—such as CVE-2023-20050 and CVE-2022-20920—the era vulnerability is distinct because of its legacy nature.

Ssh20cisco125 Vulnerability Exclusive File

Improper resource management and logic errors during SSH session negotiation.

Remote and unauthenticated. An attacker does not need valid credentials to crash the device. ssh20cisco125 vulnerability exclusive

Devices running Cisco IOS 12.4-based releases. Improper resource management and logic errors during SSH

The vulnerability lies within the server-side SSH implementation. It allows an attacker to send crafted packets during the SSH session establishment phase. ssh20cisco125 vulnerability exclusive

Use CoPP to drop unauthorized SSH packets before they reach the device's route processor.

The most effective remediation is to apply the relevant patch provided by Cisco Support .

While modern Cisco NX-OS and IOS XE have faced their own SSH-related vulnerabilities—such as CVE-2023-20050 and CVE-2022-20920—the era vulnerability is distinct because of its legacy nature.