The string SSH-2.0-Cisco-1.25 is the SSH server banner typically seen when connecting to Cisco IOS or IOS-XE devices. The banner itself is a version string, not a specific vulnerability, but its presence indicates that the device is running a version of the Cisco SSH implementation that may be susceptible to several known protocol-level and implementation-specific vulnerabilities.

Key Vulnerabilities Associated with Cisco SSH
While this affects many devices showing the Cisco-1.25 banner, it specifically impacts those running the Erlang-based SSH service.

Summary of Risk Exposure:
Security practitioners often argue about whether reports of ssh-2.0-cisco-1.25 are "false positives."
Security scanners do not flag ssh-2.0-cisco-1.25 as a vulnerability itself. They flag it because .
Rosa was the network engineer for a small regional hospital. One quiet Sunday she noticed unusual login attempts on a Cisco router that connected the hospital’s outpatient clinics. The logs showed a banner string: “SSH-2.0-Cisco-1.25.” She recognized the banner from a vendor advisory she’d skimmed weeks earlier but had never fully investigated.
that a Cisco device sends when a connection is initiated over port 22.