CVE-2023-28971: Improper Restriction of Communication Channel to Intended Endpoints in Networks Paragon Active Assurance

Severity: 7.2 HIGH (NVD)
EPSS: 0.1% (top 76.82%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 17 | Latest update Apr 18

Description

An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the timescaledb feature of Juniper Networks Paragon Active Assurance (PAA) (formerly Netrounds) allows an attacker to bypass existing firewall rules and limitations used to restrict internal communications. The Test Agents (TA) Appliance connects to the Control Center (CC) using OpenVPN. TAs are assigned an internal IP address in the 100.70.0.0/16 range. Firewall rules exist to limit communication from TAs

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Exploitability: 3.9 | Impact: 2.7

Affected Packages: 2 packages

🔴 Vulnerability Details (2)

GHSA (2023-04-18): GHSA-749h-rrm4-w97r: An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the timescaledb feature of Juniper Networks Paragon Active Ass...
CVEList (2023-04-17): Paragon Active Assurance: Enabling the timescaledb enables IP forwarding

📋 Vendor Advisories (1)

Juniper (2023-04-17): CVE-2023-28971: An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the timescaledb feature of Juniper Networks Paragon Active Ass...
CVE-2023-28971 — HIGH severity | cvebase