CVE-2024-30381 — Sensitive Information Exposure in Networks Paragon Active Assurance

CWE-200 — Sensitive Information Exposure4 documents4 sources

Severity

8.4HIGHNVD

EPSS

0.1%

top 71.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Paragon Active Assurance Juniper Paragon Active Assurance Control Center

Timeline

PublishedApr 12

Description

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Juniper Networks Paragon Active Assurance Control Center allows a network-adjacent attacker with root access to a Test Agent Appliance the ability to access sensitive information about downstream devices. The "netrounds-probe-login" daemon (also called probe_serviced) exposes functions where the Test Agent (TA) Appliance pushes interface state/config, unregister itself, etc. The remote service accidentally exposes an…

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H

Affected Packages2 packages

▶NVDjuniper/paragon_active_assurance_control_center4.1.0, 4.2.0+1

▶CVEListV5juniper_networks/paragon_active_assurance4.1.0, 4.2.0+1

🔴Vulnerability Details

CVEList

Paragon Active Assurance: probe_serviced exposes internal objects to local users↗2024-04-12

▶

GHSA

GHSA-r9qf-w2c7-fjr5: An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Juniper Networks Paragon Active Assurance Control Center allows a netwo↗2024-04-12

▶

📋Vendor Advisories

Juniper

CVE-2024-30381: An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Juniper Networks Paragon Active Assurance Control Center allows a netwo↗2024-04-12

▶