History: Apr 12, 2024 - 3:04 p.m.

CVE-2024-30406 Junos OS Evolved: ACX Series with Paragon Active Assurance Test Agent: A local high privileged attacker can recover other administrators credentials

2024-04-12 15:04:06
CWE-313
juniper
www.cve.org
juniper networks
local attack
cleartext storage
junos os evolved
acx series
paragon active assurance
test agent
file on disk
vulnerability
network devices
security issue
privileged
credentials recovery

CVSS3: 5.5

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N

CVSS4: 6.7

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: PASSIVE

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:H/SC:H/VI:N/SI:N/VA:N/SA:N

AI Score: 5.6
Confidence: High

EPSS: 0
Percentile: 15.5%

A Cleartext Storage in a File on Disk vulnerability in Juniper Networks Junos OS Evolved ACX Series devices using the Paragon Active Assurance Test Agent software installed on network devices allows a local, authenticated attacker with high privileges to read all other users' login credentials.

This issue affects only Juniper Networks Junos OS Evolved ACX Series devices using the Paragon Active Assurance Test Agent software installed on these devices from 23.1R1-EVO through 23.2R2-EVO.

This issue does not affect releases before 23.1R1-EVO.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Paragon Active Assurance Test Agent",
      "ACX Series"
    ],
    "product": "Junos OS Evolved",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThanOrEqual": "23.2R2-EVO",
        "status": "affected",
        "version": "23.1R1-EVO",
        "versionType": "semver"
      }
    ]
  }
]
