CVE-2024-30381
HIGHJuniper Paragon Active Assurance Cont... - Information Disclosure
Title source: ruleDescription
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Juniper Networks Paragon Active Assurance Control Center allows a network-adjacent attacker with root access to a Test Agent Appliance the ability to access sensitive information about downstream devices. The "netrounds-probe-login" daemon (also called probe_serviced) exposes functions where the Test Agent (TA) Appliance pushes interface state/config, unregister itself, etc. The remote service accidentally exposes an internal database object that can be used for direct database access on the Paragon Active Assurance Control Center. This issue affects Paragon Active Assurance: 4.1.0, 4.2.0.
References (2)
Core 2
Core References
Vendor Advisory vendor-advisory
https://supportportal.juniper.net/JSA79173
Vendor Advisory technical-description
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H
Scores
CVSS v3
8.4
EPSS
0.0012
EPSS Percentile
30.4%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-200
Status
published
Products (2)
juniper/paragon_active_assurance_control_center
4.1.0
juniper/paragon_active_assurance_control_center
4.2.0
Published
Apr 12, 2024
Tracked Since
Feb 18, 2026