You can use the Cisco Software Checker to verify if your specific version of IOS is still vulnerable to this or more recent threats like CVE-2023-48795 (Terrapin) .
If an update is not immediately possible, use a VTY Access Class to restrict SSH access only to trusted management IP addresses. ssh20cisco125 vulnerability exclusive
There are no official workarounds that completely eliminate the risk other than upgrading the software or disabling the service. You can use the Cisco Software Checker to
Deploy edge filters to block port 22 (SSH) traffic from untrusted sources targeting your core infrastructure. ssh20cisco125 vulnerability exclusive
Remote and unauthenticated. An attacker does not need valid credentials to crash the device.
Use CoPP to drop unauthorized SSH packets before they reach the device's route processor.