Zero Day Monitor (ZDM)
CVE-2025-13914 · PATCHED · Score 8.7
juniper · apstra

Apstra: SSH host key validation vulnerability for managed devices

Description

A Key Exchange without Entity Authentication vulnerability in the SSH implementation of Juniper Networks Apstra allows an unauthenticated, machine-in-the-middle (MITM) attacker to impersonate managed devices. Due to insufficient SSH host key validation, an attacker can perform a machine-in-the-middle attack on the SSH connections from Apstra to managed devices, enabling the attacker to impersonate a managed device and capture user credentials. This issue affects all versions of Apstra before 6.1.1.

Affected Products

Vendor | Product | Versions
juniper | apstra | 0

References

  • https://kb.juniper.net/JSA107862 (vendor-advisory)

Related News (2 articles)

Tier C · VulDB · 25d ago
CVE-2025-13914 | Juniper Apstra up to 6.1.0 SSH key exchange without entity authentication (JSA107862)
→ No new info (linked only)

Tier B · BSI Advisories · 26d ago
[NEW] [high] Juniper Patch Day April 2026: Multiple vulnerabilities
→ No new info (linked only)

CVSS 3.1: 8.7 HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
CISA KEV: No
Actively exploited: No
Patch available: 6.1.1
CWE: CWE-322
Published: Apr 9, 2026
Last enriched: 25d ago (v2)
Trending Score: 3
Source articles: 2
Independent: 2
Info Completeness: 9/14
Missing: epss, kev, exploit, iocs, mitre_attack

Related CVEs (5)

  • PRE-CVE: Multiple vulnerabilities in Juniper Secure Analytics (Trending: 20)
  • HIGH · CVE-2026-33788: Junos OS Evolved: Local, authenticated attacker can gain privileged access to FPCs (Trending: 3)
  • HIGH · CVE-2026-33785: Junos OS: MX Series: Missing Authorization for specific 'request' CLI commands in a JDM/CSDS scenario (Trending: 3)
  • MEDIUM · CVE-2025-30650: Junos OS: Privileged local user can gain access to a Linux-based FPC as root (Trending: 3)
  • HIGH · CVE-2026-21916: Junos OS: A low privileged user can escalate their privileges so that they can login as root (Trending: 3)

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

  • Apr 9, 2026: CVE Published
  • Apr 9, 2026: Discovered by ZDM
  • Apr 10, 2026: Updated: affectedVersions
  • Apr 14, 2026: Patch Available

Version History

Current version: v2 (last enriched 25d ago)

  • v2 · Tier C · 25d ago · via VulDB: Updated affected versions to include 6.1.0 and corrected exploit availability to false. Changed field: affectedVersions
  • v1 · 26d ago: Initial creation