PT-2024-1141 · Juniper Networks · Paragon Active Assurance

Published: 2024-01-10 · Updated: 2024-01-19 · CVE-2024-21589

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Juniper Networks Paragon Active Assurance versions 3.1.0 through 3.4.0

Description

An Improper Access Control issue allows an unauthenticated network-based attacker to access reports that may contain sensitive configuration information. Version 3.1.0 of the Paragon Active Assurance Control Center introduced a feature that lets users selectively share account data. This feature can be exploited to access reports without being logged in, creating an opportunity for malicious exfiltration of user data.

Recommendations

For versions 3.1.0 through 3.4.0, consider disabling the report sharing feature until a patch is available to prevent unauthorized access to sensitive information. Restrict access to the report handler component to minimize the risk of exploitation. Avoid using the selective account data sharing feature in the affected versions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Access Control

Weakness Enumeration

Related Identifiers

BDU:2024-00455
CVE-2024-21589

Affected Products

Paragon Active Assurance