漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Apstra: SSH host key validation vulnerability for managed devices
Vulnerability Description
A Key Exchange without Entity Authentication vulnerability in the SSH implementation of Juniper Networks Apstra allows a unauthenticated, MITM attacker to impersonate managed devices. Due to insufficient SSH host key validation an attacker can perform a machine-in-the-middle attack on the SSH connections from Apstra to managed devices, enabling an attacker to impersonate a managed device and capture user credentials. This issue affects all versions of Apstra before 6.1.1.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
Vulnerability Type
未进行实体认证的密钥交换
Vulnerability Title
Juniper Networks Apstra 安全漏洞
Vulnerability Description
Juniper Networks Apstra是美国瞻博网络(Juniper Networks)公司的一款数据中心网络自动化与意图驱动管理平台。 Juniper Networks Apstra 6.1.1之前版本存在安全漏洞,该漏洞源于SSH主机密钥验证不足,可能导致中间人攻击。
CVSS Information
N/A
Vulnerability Type
N/A