PT-2024-2871 · Juniper Networks · Paragon Active Assurance Control Center

Published: 2024-04-10 · Updated: 2024-05-16 · CVE-2024-30381

CVSS v3.1: 8.4 (High)

Vector: AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Juniper Networks Paragon Active Assurance Control Center versions 4.1.0 through 4.2.0

Description

The issue allows a network-adjacent attacker with root access to a Test Agent Appliance to access sensitive information about downstream devices. The "netrounds-probe-login" daemon exposes functions through which the Test Agent Appliance pushes interface state/config, and the remote service accidentally exposes an internal database object that can be used for direct database access on the Paragon Active Assurance Control Center.

Recommendations

For versions 4.1.0 and 4.2.0, consider disabling the probe serviced daemon as a temporary workaround until a patch is available. Restrict access to the internal database object to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2024-03032
CVE-2024-30381

Affected Products

Paragon Active Assurance Control Center