Paragon Active Assurance Control Center: Information disclosure vulnerability
CVE-2024-21589

7.4HIGH

Key Information:

Vendor: Juniper Networks
Status: Paragon Active Assurance
Vendor: CVE Published:; 12 January 2024

Summary

An Improper Access Control vulnerability exists in the Juniper Networks Paragon Active Assurance Control Center, allowing unauthenticated network-based attackers to gain unauthorized access to sensitive reports. This vulnerability could enable malicious actors to exfiltrate user data by bypassing authentication requirements. The issue originated from a feature introduced in version 3.1.0, designed to permit selective sharing of account data. It is crucial for users of the affected versions to assess their systems and apply necessary mitigations, as the SaaS offering of Paragon Active Assurance remains unaffected.

Affected Version(s)

Paragon Active Assurance 3.2.0 < 3.2.*

Paragon Active Assurance 3.2.2 < 3.2.*

Paragon Active Assurance 3.3.0 < 3.3.*

References

https://supportportal.juniper.net/JSA75727

vendor-advisory

https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/A...

technical-description

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 12, 2024
Vulnerability Reserved
Dec 27, 2023