Here's an example of a just reported vulnerability (Computerworld, May 26/08):
Cisco Security Advisory: Cisco IOS Secure Shell Denial of Service Vulnerabilities
The Secure Shell server (SSH) implementation in Cisco IOS contains multiple vulnerabilities that allow unauthenticated users the ability to generate a spurious memory access error or, in certain cases, reload the device.
Vulnerable Products: Cisco devices running certain 12.4-based IOS releases and configured to be managed via SSH may be affected by this issue.
And, from the Common Criteria Certification's list of certified products:
Cisco IOS Firewall Version 12.3(14)T and 12.4(4)T - EAL4+ certification on 27-NOV-06
Certification report: ST_VID10038-VR.pdf
Security target: ST_VID10038-ST.pdf
...and SSH was a "security target" of the evaluation:
...the security target specifies that administration of the TOE may be conducted locally via the console port or remotely via an SSH connection to the TOE-enabled router provided an external AAA service capable of single-use mechanisms is used
QED: Security Review or Certification ≠ A Secure Product
Cisco, security, CSCO