An attacker only needs a valid username and its associated public key to log in; the corresponding private key is not required for cryptographic verification. Cisco Security Advisory
If immediate patching is not possible, disable the web interface or SSH access on publicly exposed interfaces. ssh20cisco125 vulnerability exclusive
Threat Intelligence: Enterprise Targets and Exploitation Trends An attacker only needs a valid username and
Relying entirely on perimeter firewalls is insufficient when a vulnerability targets the communication protocol itself. Use this prescriptive playbook to defend your infrastructure: Step 1: Audit Device Inventory and Configurations ssh20cisco125 vulnerability exclusive
Enforce SSHv2 exclusively across the enterprise infrastructure to completely deprecate vulnerability windows open to SSHv1 traffic. Router# configure terminal Router(config)# ip ssh version 2 Use code with caution. Step 2: Enforce RSA Key Cryptography and Re-generation
(already default):