CVE-2024-30406

CVSS V2 None CVSS V3 None

Description

A Cleartext Storage in a File on Disk vulnerability in Juniper Networks Junos OS Evolved ACX Series devices using the Paragon Active Assurance Test Agent software installed on network devices allows a local, authenticated attacker with high privileges to read all other users login credentials. This issue affects only Juniper Networks Junos OS Evolved ACX Series devices using the Paragon Active Assurance Test Agent software installed on these devices from 23.1R1-EVO through 23.2R2-EVO. This issue does not affect releases before 23.1R1-EVO.

Overview

CVE ID
CVE-2024-30406

Assigner
juniper

Vulnerability Status
PUBLISHED

Published Version
2024-04-12T15:04:06.515Z

Last Modified Date
2024-05-16T20:42:37.549Z

Weakness Enumerations

CWE	URL
CWE-313	http://cwe.mitre.org/data/definitions/313.html

References

Reference URL	Reference Tags
https://supportportal.juniper.net/JSA79104	vendor-advisory
https://www.juniper.net/documentation/us/en/software/junos/junos-install-upgrade-evo/topics/topic-map/paa-test-agent-install.html	product
https://www.juniper.net/documentation/us/en/software/junos/cli-reference/topics/ref/statement/services-paa-test-agent.html	product
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N	technical-description

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-30406
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30406

History

Created	Old Value	New Value	Data Type	Notes
2024-06-26 11:20:13				Added to TrackCVE