Unauthorized Access to Sensitive Information in Paragon Active Assurance Control Center
CVE-2024-30381

8.4HIGH

Key Information:

Vendor

Juniper Networks
Status
Paragon Active Assurance
Vendor
CVE Published:
12 April 2024

What is CVE-2024-30381?

A vulnerability has been identified within the Juniper Networks Paragon Active Assurance Control Center that allows unauthorized access to sensitive information. Specifically, the issue resides in the 'netrounds-probe-login' daemon, also known as probe_serviced, which facilitates various operations related to the Test Agent Appliance. This daemon inadvertently exposes functions that allow network-adjacent attackers with root access to retrieve sensitive details about downstream devices by accessing an internal database object. This vulnerability affects specific versions of the Paragon Active Assurance, including versions 4.1.0 and 4.2.0, highlighting a significant security risk for users relying on this platform.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Paragon Active Assurance 4.1.0

Paragon Active Assurance 4.2.0

References

https://supportportal.juniper.net/JSA79173
vendor-advisory
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/A...
technical-description

CVSS V3.1

Score:
8.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.