CVE-2021-0232Improper Access Control in Networks Paragon Active Assurance

CWE-284Improper Access ControlCWE-290Authentication Bypass by SpoofingCWE-668Resource Exposure5 documents5 sources
Severity
7.4HIGHNVD
EPSS
0.5%
top 36.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Juniper Networks Paragon Active AssuranceJuniper Paragon Active Assurance Control CenterFedoraproject Fedora
Timeline
PublishedApr 22
Latest updateMay 24

Description

An authentication bypass vulnerability in the Juniper Networks Paragon Active Assurance Control Center may allow an attacker with specific information about the deployment to mimic an already registered Test Agent and access its configuration including associated inventory details. If the issue occurs, the affected Test Agent will not be able to connect to the Control Center. This issue affects Juniper Networks Paragon Active Assurance Control Center All versions prior to 2.35.6; 2.36 versions p

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:HExploitability: 2.2 | Impact: 5.2

Affected Packages2 packages

CVEListV5juniper_networks/paragon_active_assuranceunspecified2.35.6+1

Also affects: Fedora 35

🔴Vulnerability Details

2
GHSA
GHSA-g9rq-p8h7-mcj8: An authentication bypass vulnerability in the Juniper Networks Paragon Active Assurance Control Center may allow an attacker with specific information2022-05-24
CVEList
Paragon Active Assurance: Authentication bypass vulnerability in Control Center2021-04-22

📋Vendor Advisories

1
Juniper
CVE-2021-0232: An authentication bypass vulnerability in the Juniper Networks Paragon Active Assurance Control Center may allow an attacker with specific information2021-04-22
CVE-2021-0232 — Improper Access Control | cvebase