Keys belonging to former employees or legacy automation scripts often remain authorized inside device configurations indefinitely.
. It affects the Secure Shell (SSH) implementation in certain Cisco products, potentially allowing authenticated remote attackers to cause a device reload, resulting in a Denial of Service (DoS) Vulnerability Summary Vulnerability Name: ssh20cisco125 (CVE-2022-20864) Threat Type: Denial of Service (DoS) Attack Vector: Remote, Authenticated ssh20cisco125 vulnerability exclusive
The server's state machine fails to correctly represent internal states when processing these specific traffic patterns, leading to memory corruption or unexpected execution flow. A successful exploit allows the attacker to: Execute Arbitrary Code: Keys belonging to former employees or legacy automation
--- - name: Patch SSH-2-Cisco-1.25 vulnerability hosts: cisco_devices become: yes ssh20cisco125 vulnerability exclusive
Organizations running these versions should upgrade immediately, as are available to mitigate this vulnerability.
: