Unauthorized Access to Sensitive Information in Paragon Active Assurance Control Center
CVE-2024-30381

8.4 HIGH

Key Information:

Vendor
CVE Published: 12 April 2024

Summary

A vulnerability in the Juniper Networks Paragon Active Assurance Control Center allows unauthorized access to sensitive information. The issue resides in the 'netrounds-probe-login' daemon, also known as probe_serviced, which facilitates various operations related to the Test Agent Appliance. The daemon inadvertently exposes functions that allow network-adjacent attackers with root access to retrieve sensitive details about downstream devices by accessing an internal database object. The vulnerability affects specific versions of Paragon Active Assurance, including versions 4.1.0 and 4.2.0, and is a significant security risk for users relying on this platform.

Affected Version(s)

Paragon Active Assurance 4.1.0

Paragon Active Assurance 4.2.0

CVSS V3.1

Score: 8.4
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
