PT-2024-2949 · Juniper Networks · Junos
Published
2024-04-10
·
Updated
2026-01-23
·
CVE-2024-30406
CVSS v4.0
6.7
Medium
| Vector | AV:L/AC:L/AT:N/PR:H/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Juniper Networks Junos OS Evolved ACX Series devices versions 23.1R1-EVO through 23.2R2-EVO
Description
A Cleartext Storage in a File on Disk issue allows a local, authenticated attacker with high privileges to read all other users' login credentials. This issue is related to the Paragon Active Assurance Test Agent software installed on the devices. The vulnerability is associated with the unencrypted storage of credentials, which could allow an attacker to gain unauthorized access to protected information.
Recommendations
For versions 23.1R1-EVO through 23.2R2-EVO, update to a version outside of this range to resolve the issue.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Junos