CVE-2024-21589 — Improper Access Control in Networks Paragon Active Assurance

CWE-284 — Improper Access Control4 documents4 sources

Severity

7.5HIGHNVD

CNA7.4

EPSS

0.2%

top 60.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Paragon Active Assurance Juniper Paragon Active Assurance Control Center

Timeline

PublishedJan 12

Description

An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control Center allows an unauthenticated network-based attacker to access reports without authenticating, potentially containing sensitive configuration information. A feature was introduced in version 3.1.0 of the Paragon Active Assurance Control Center which allows users to selectively share account data. By exploiting this vulnerability, it is possible to access reports without being logged in, resultin…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDjuniper/paragon_active_assurance_control_center6 versions+5

▶CVEListV5juniper_networks/paragon_active_assurance3.2.0 — 3.2.*+4

🔴Vulnerability Details

CVEList

Paragon Active Assurance Control Center: Information disclosure vulnerability↗2024-01-12

▶

GHSA

GHSA-c9hp-xj9x-p4wm: An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control Center allows an unauthenticated network-based attac↗2024-01-12

▶

📋Vendor Advisories

Juniper

CVE-2024-21589: An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control Center allows an unauthenticated network-based atta↗2024-01-12

▶