CVE-2025-13914
SSH Key Exchange Vulnerability in Juniper Apstra Enables MITM Attack
Publication date: 2026-04-09
Last updated on: 2026-04-09
Assigner: Juniper Networks, Inc.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| juniper_networks | apstra | before 6.1.1 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-322 | The product performs a key exchange with an actor without verifying the identity of that actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Key Exchange without Entity Authentication issue in the SSH implementation of Juniper Networks Apstra. It allows an unauthenticated man-in-the-middle (MITM) attacker to impersonate managed devices.
The root cause is insufficient SSH host key validation, which enables an attacker to intercept SSH connections from Apstra to managed devices, impersonate those devices, and potentially capture user credentials.
This affects all versions of Apstra before 6.1.1.
How can this vulnerability impact me?
This vulnerability can allow an attacker to perform a man-in-the-middle attack on SSH connections between Apstra and managed devices.
As a result, the attacker can impersonate managed devices and capture sensitive user credentials, potentially leading to unauthorized access and compromise of network devices.
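The missing control described above is host key verification before any credentials are sent. The following is an added example, not Juniper's code and not a description of how Apstra is implemented: a fail-closed check of a presented SSH host key against pinned entries. The host names, key blobs and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac

# Constructed sample data: key blobs are placeholder bytes, not real SSH keys.
PINNED_BLOB = base64.b64encode(b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + b"A" * 32).decode()
ROGUE_BLOB = base64.b64encode(b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + b"B" * 32).decode()
KNOWN_HOSTS = f"""# constructed known_hosts for managed devices
leaf1.example.net,192.0.2.11 ssh-ed25519 {PINNED_BLOB}
"""

def fingerprint(blob_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 public key blob."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def load_pins(text):
    """Map (host, key type) -> pinned key blob from plain known_hosts lines."""
    pins = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("@", "|")):
            continue  # markers and hashed hostnames are out of scope here
        for host in fields[0].split(","):
            pins[(host.lower(), fields[1])] = fields[2]
    return pins

def check_host_key(pins, host, key_type, presented_b64):
    """Return 'match', 'mismatch' or 'unknown'; only 'match' may proceed."""
    pinned = pins.get((host.lower(), key_type))
    if pinned is None:
        return "unknown"
    same = hmac.compare_digest(base64.b64decode(pinned), base64.b64decode(presented_b64))
    return "match" if same else "mismatch"

def connect_allowed(pins, host, key_type, presented_b64):
    """Fail closed: refuse before any credential is sent unless the key matches."""
    return check_host_key(pins, host, key_type, presented_b64) == "match"

if __name__ == "__main__":
    pins = load_pins(KNOWN_HOSTS)
    for blob in (PINNED_BLOB, ROGUE_BLOB):
        print(fingerprint(blob), check_host_key(pins, "leaf1.example.net", "ssh-ed25519", blob))
```

A client that treats "unknown" or "mismatch" as acceptable is the CWE-322 condition listed for this CVE: the key exchange completes, but the peer's identity is never established.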