Juniper Paragon Active Assurance Control Center vulnerabilities

5 known vulnerabilities affecting juniper/paragon_active_assurance_control_center.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH5

Vulnerabilities

Page 1 of 1
CVE-2024-30381HIGHCVSS 8.4v4.1.0v4.2.02024-04-12
CVE-2024-30381 [HIGH] CWE-200 CVE-2024-30381: An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Juniper Networks Para An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Juniper Networks Paragon Active Assurance Control Center allows a network-adjacent attacker with root access to a Test Agent Appliance the ability to access sensitive information about downstream devices. The "netrounds-probe-login" daemon (also called probe_serviced) expo
nvd
CVE-2024-21589HIGHCVSS 7.5v3.1.0v3.2.0+4 more2024-01-12
CVE-2024-21589 [HIGH] CWE-284 CVE-2024-21589: An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control C An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control Center allows an unauthenticated network-based attacker to access reports without authenticating, potentially containing sensitive configuration information. A feature was introduced in version 3.1.0 of the Paragon Active Assurance Control Center which a
nvd
CVE-2022-22229HIGHCVSS 8.4fixed in 3.1.1v3.2.02022-10-18
CVE-2022-22229 [HIGH] CWE-79 CVE-2022-22229: An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerabilit An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability, a stored XSS (or persistent), in the Control Center Controller web pages of Juniper Networks Paragon Active Assurance (Formerly Netrounds) allows a high-privilege attacker with 'WRITE' permissions to store one or more malicious scripts that will infec
nvd
CVE-2022-22190HIGHCVSS 7.5v3.1.02022-04-14
CVE-2022-22190 [HIGH] CWE-284 CVE-2022-22190: An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control Ce An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control Center allows an unauthenticated attacker to leverage a crafted URL to generate PDF reports, potentially containing sensitive configuration information. A feature was introduced in version 3.1 of the Paragon Active Assurance Control Center which allows us
nvd
CVE-2021-0232HIGHCVSS 7.4fixed in 2.35.6≥ 2.36, < 2.36.22021-04-22
CVE-2021-0232 [HIGH] CWE-284 CVE-2021-0232: An authentication bypass vulnerability in the Juniper Networks Paragon Active Assurance Control Cent An authentication bypass vulnerability in the Juniper Networks Paragon Active Assurance Control Center may allow an attacker with specific information about the deployment to mimic an already registered Test Agent and access its configuration including associated inventory details. If the issue occurs, the affected Test Agent will not be able to connect
nvd