CVE-2024-30406
MEDIUMJuniper Networks Junos OS Evolved ACX - Info Disclosure
Title source: llmDescription
A Cleartext Storage in a File on Disk vulnerability in Juniper Networks Junos OS Evolved ACX Series devices using the Paragon Active Assurance Test Agent software installed on network devices allows a local, authenticated attacker with high privileges to read all other users login credentials. This issue affects only Juniper Networks Junos OS Evolved ACX Series devices using the Paragon Active Assurance Test Agent software installed on these devices from 23.1R1-EVO through 23.2R2-EVO. This issue does not affect releases before 23.1R1-EVO.
References (4)
Core 4
Core References
Vendor Advisory vendor-advisory
https://supportportal.juniper.net/JSA79104
Third Party Advisory product
https://www.juniper.net/documentation/us/en/software/junos/junos-install-upgrade-evo/topics/topic-map/paa-test-agent-install.html
Technical Description product
https://www.juniper.net/documentation/us/en/software/junos/cli-reference/topics/ref/statement/services-paa-test-agent.html
Vendor Advisory technical-description
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
Scores
CVSS v3
5.5
EPSS
0.0002
EPSS Percentile
6.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-313
Status
published
Products (3)
juniper/junos_os_evolved
23.1 (4 CPE variants)
juniper/junos_os_evolved
23.2 (4 CPE variants)
juniper/paragon_active_assurance_test_agent
Published
Apr 12, 2024
Tracked Since
Feb 18, 2026