CVE-2024-30406 MEDIUM

CVE-2024-30406: Junos OS Evolved: ACX Series with Paragon Active Assurance Test Agent: A local high privileged attacker can recover other administrators credentials

Vendor Juniper Networks
Product Junos OS Evolved
Weakness CWE-313
Published April 12, 2024
Last update August 2, 2024

CVSS base score

5.5/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N

What the vulnerability does

01Description

A Cleartext Storage in a File on Disk vulnerability in Juniper Networks Junos OS Evolved ACX Series devices using the Paragon Active Assurance Test Agent software installed on network devices allows a local, authenticated attacker with high privileges to read all other users login credentials. This issue affects only Juniper Networks Junos OS Evolved ACX Series devices using the Paragon Active Assurance Test Agent software installed on these devices from 23.1R1-EVO through 23.2R2-EVO.  This issue does not affect releases before 23.1R1-EVO.

Key dates

02Disclosure timeline

April 12, 2024 CVE published
August 2, 2024 Record updated