VULNRICHMENT:CVE-2024-30406 (vulnrichment, Juniper)
History: Apr 12, 2024 - 3:04 p.m.

CVE-2024-30406 Junos OS Evolved: ACX Series with Paragon Active Assurance Test Agent: A local high privileged attacker can recover other administrators' credentials

2024-04-12 15:04:06
CWE-313
juniper
github.com
juniper networks
cleartext storage
file on disk
vulnerability
paragon active assurance
local attacker
high privileges
credentials
23.1r1-evo
23.2r2-evo

CVSS3: 5.5

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N

CVSS4: 6.7

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: PASSIVE

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:H/SC:H/VI:N/SI:N/VA:N/SA:N

AI Score: 6.7
Confidence: Low

SSVC

Exploitation: none
Automatable: no
Technical Impact: partial

A Cleartext Storage in a File on Disk vulnerability in Juniper Networks Junos OS Evolved ACX Series devices using the Paragon Active Assurance Test Agent software installed on network devices allows a local, authenticated attacker with high privileges to read all other users' login credentials.

This issue affects only Juniper Networks Junos OS Evolved ACX Series devices using the Paragon Active Assurance Test Agent software installed on these devices from 23.1R1-EVO through 23.2R2-EVO.

This issue does not affect releases before 23.1R1-EVO.

CNA Affected

[
  {
    "vendor": "Juniper Networks",
    "product": "Junos OS Evolved",
    "versions": [
      {
        "status": "affected",
        "version": "23.1R1-EVO",
        "versionType": "semver",
        "lessThanOrEqual": "23.2R2-EVO"
      }
    ],
    "platforms": [
      "Paragon Active Assurance Test Agent",
      "ACX Series"
    ],
    "defaultStatus": "unaffected"
  }
]
