Juniper Networks Paragon Active Assurance Cross-Site Scripting Vulnerability

Juniper Networks Paragon Active Assurance is a programmable test and service assurance solution from Juniper Networks, Inc. Using software-based and traffic-generating test proxies, it can be easily used and delivered as a SaaS solution from the cloud or deployed locally in NFV environments. A security vulnerability exists in Juniper Networks Paragon Active Assurance (Netrounds) versions prior to 3.1.1, 3.2, which stems from a control center controller web page that allows an elevated-privilege attacker to have write access to store one or more malicious scripts that, when accidentally triggered by them while managing the device When they accidentally trigger a malicious script while managing a device, the scripts will infect any other authorized user’s account, which can be exploited to execute commands with superuser account privileges.