CVE-2022-22229

Name of the Vulnerable Software and Affected Versions Juniper Networks Paragon Active Assurance (Formerly Netrounds) versions prior to 3.1.1 Juniper Networks Paragon Active Assurance (Formerly Netrounds) version 3.2 prior to 3.2.1

Description The issue is related to an Improper Neutralization of Input During Web Page Generation, also known as a Cross-site Scripting (XSS) vulnerability, specifically a stored or persistent XSS. This vulnerability in the Control Center Controller web pages of Juniper Networks Paragon Active Assurance allows a high-privilege attacker with 'WRITE' permissions to store malicious scripts. These scripts can infect any other authorized user's account when they trigger the malicious script while managing the device, enabling the attacker to execute commands with permissions up to that of the superuser account.

Recommendations For versions prior to 3.1.1, update to version 3.1.1 or later. For version 3.2 prior to 3.2.1, update to version 3.2.1 or later.