Juniper Networks Paragon Active Assurance vulnerabilities
6 known vulnerabilities affecting juniper_networks/paragon_active_assurance.
Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH6
Vulnerabilities
Page 1 of 1
CVE-2024-30381HIGHCVSS 8.4v4.1.0v4.2.02024-04-12
CVE-2024-30381 [HIGH] CWE-200 CVE-2024-30381: An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Juniper Networks Para
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Juniper Networks Paragon Active Assurance Control Center allows a network-adjacent attacker with root access to a Test Agent Appliance the ability to access sensitive information about downstream devices.
The "netrounds-probe-login" daemon (also called probe_serviced) expo
cvelistv5nvd
CVE-2024-21589HIGHCVSS 7.5≥ 3.2.0, < 3.2.*≥ 3.2.2, < 3.2.*+3 more2024-01-12
CVE-2024-21589 [HIGH] CWE-284 CVE-2024-21589:
An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control C
An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control Center allows an unauthenticated network-based attacker to access reports without authenticating, potentially containing sensitive configuration information.
A feature was introduced in version 3.1.0 of the Paragon Active Assurance Control Center which a
cvelistv5nvd
CVE-2023-28971HIGHCVSS 7.2≥ unspecified, < 4.1.22023-04-17
CVE-2023-28971 [HIGH] CWE-923 CVE-2023-28971: An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the timescal
An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the timescaledb feature of Juniper Networks Paragon Active Assurance (PAA) (Formerly Netrounds) allows an attacker to bypass existing firewall rules and limitations used to restrict internal communcations. The Test Agents (TA) Appliance connects to the Control Cent
cvelistv5nvd
CVE-2022-22229HIGHCVSS 8.4≥ unspecified, < 3.1.1≥ 3.2, < 3.2.12022-10-18
CVE-2022-22229 [HIGH] CWE-79 CVE-2022-22229: An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerabilit
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability, a stored XSS (or persistent), in the Control Center Controller web pages of Juniper Networks Paragon Active Assurance (Formerly Netrounds) allows a high-privilege attacker with 'WRITE' permissions to store one or more malicious scripts that will infec
cvelistv5nvd
CVE-2022-22190HIGHCVSS 7.5v3.1.02022-04-14
CVE-2022-22190 [HIGH] CWE-284 CVE-2022-22190: An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control Ce
An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control Center allows an unauthenticated attacker to leverage a crafted URL to generate PDF reports, potentially containing sensitive configuration information. A feature was introduced in version 3.1 of the Paragon Active Assurance Control Center which allows us
cvelistv5nvd
CVE-2021-0232HIGHCVSS 7.4≥ unspecified, < 2.35.6≥ 2.36, < 2.36.22021-04-22
CVE-2021-0232 [HIGH] CWE-284 CVE-2021-0232: An authentication bypass vulnerability in the Juniper Networks Paragon Active Assurance Control Cent
An authentication bypass vulnerability in the Juniper Networks Paragon Active Assurance Control Center may allow an attacker with specific information about the deployment to mimic an already registered Test Agent and access its configuration including associated inventory details. If the issue occurs, the affected Test Agent will not be able to connect
cvelistv5nvd