CVE-2024-30406 - OpenCVE

A Cleartext Storage in a File on Disk vulnerability in Juniper Networks Junos OS Evolved ACX Series devices using the Paragon Active Assurance Test Agent software installed on network devices allows a local, authenticated attacker with high privileges to read all other users login credentials. This issue affects only Juniper Networks Junos OS Evolved ACX Series devices using the Paragon Active Assurance Test Agent software installed on these devices from 23.1R1-EVO through 23.2R2-EVO. This issue does not affect releases before 23.1R1-EVO.

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

No data.

No data.

References

Link	Resource
https://supportportal.juniper.net/JSA79104
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
https://www.juniper.net/documentation/us/en/software/junos/cli-reference/topics/ref/statement/services-paa-test-agent.html
https://www.juniper.net/documentation/us/en/software/junos/junos-install-upgrade-evo/topics/topic-map/paa-test-agent-install.html

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: juniper

Published: 2024-04-12T15:04:06.515Z

Updated: 2024-07-05T17:22:41.148Z

Reserved: 2024-03-26T23:06:19.981Z

Link: CVE-2024-30406

JSON object: View

NVD Information

Status : Awaiting Analysis

Published: 2024-04-12T15:15:25.340

Modified: 2024-05-16T21:16:10.073

Link: CVE-2024-30406

JSON object: View

Redhat Information

No data.

CWE

CWE-313

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-30406", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "state": "PUBLISHED", "assignerShortName": "juniper", "dateReserved": "2024-03-26T23:06:19.981Z", "datePublished": "2024-04-12T15:04:06.515Z", "dateUpdated": "2024-07-05T17:22:41.148Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Paragon Active Assurance Test Agent", "ACX Series"], "product": "Junos OS Evolved", "vendor": "Juniper Networks", "versions": [{"lessThanOrEqual": "23.2R2-EVO", "status": "affected", "version": "23.1R1-EVO", "versionType": "semver"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<tt>Potentially affected devices are those which use the following configuration statement:<br><br>  <codeph>test-agent</codeph><br></tt><br>Located at the hierarchy level:<br>  <br>  <codeph>[edit services pas]</codeph><br><br>Therefore verify that the following minimal configuration statement in the Junos device exists:<br>  [services pas]<br><br>And verify that the agent is running on the device. <br><br>"}], "value": "Potentially affected devices are those which use the following configuration statement:\n\n\u00a0 <codeph>test-agent</codeph>\n\nLocated at the hierarchy level:\n\u00a0\u00a0\n\u00a0 <codeph>[edit services pas]</codeph>\n\nTherefore verify that the following minimal configuration statement in the Junos device exists:\n\u00a0 [services pas]\n\nAnd verify that the agent is running on the device."}], "datePublic": "2024-04-10T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A Cleartext Storage in a File on Disk vulnerability in Juniper Networks Junos OS Evolved ACX Series devices using the Paragon Active Assurance Test Agent software installed on network devices allows a local, authenticated attacker with high privileges to read all other users login credentials.<br><br>This issue affects only Juniper Networks Junos OS Evolved ACX Series devices using the Paragon Active Assurance Test Agent software installed on these devices from 2<span style=\"background-color: rgb(255, 255, 255);\">3.1R1-EVO through 23.2R2-EVO. <br></span><br>This issue does not affect releases before 23.1R1-EVO.<br><br><br><br>"}], "value": "A Cleartext Storage in a File on Disk vulnerability in Juniper Networks Junos OS Evolved ACX Series devices\u00a0using the Paragon Active Assurance Test Agent software installed on network devices allows a local, authenticated attacker with high privileges to read all other users login credentials.\n\nThis issue affects only Juniper Networks Junos OS Evolved ACX Series devices using\u00a0the Paragon Active Assurance Test Agent software installed on these devices from 23.1R1-EVO through 23.2R2-EVO.\u00a0\n\nThis issue does not affect releases before 23.1R1-EVO."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Juniper SIRT is not aware of any malicious exploitation of this vulnerability.</p>"}], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.7, "baseSeverity": "MEDIUM", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-313", "description": "CWE-313: Cleartext Storage in a File or on Disk", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2024-05-16T20:42:37.549Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://supportportal.juniper.net/JSA79104"}, {"tags": ["product"], "url": "https://www.juniper.net/documentation/us/en/software/junos/junos-install-upgrade-evo/topics/topic-map/paa-test-agent-install.html"}, {"tags": ["product"], "url": "https://www.juniper.net/documentation/us/en/software/junos/cli-reference/topics/ref/statement/services-paa-test-agent.html"}, {"tags": ["technical-description"], "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>The following software releases have been updated to resolve this specific issue: </p><p>Junos OS Evolved: 23.2R2-EVO, 23.3R1-EVO, and all subsequent releases.</p><p><span style=\"background-color: rgb(255, 255, 255);\">Note: Before you upgrade the system software from Junos OS Evolved Release 23.2R1 to a later release, you must uninstall the test agent using the </span><code>request services paa uninstall</code><span style=\"background-color: rgb(255, 255, 255);\"> command. See the product documentation for upgrade procedures and coordinate with JTAC for support.</span></p>"}], "value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS Evolved: 23.2R2-EVO, 23.3R1-EVO, and all subsequent releases.\n\nNote: Before you upgrade the system software from Junos OS Evolved Release 23.2R1 to a later release, you must uninstall the test agent using the request services paa uninstall\u00a0command. See the product documentation for upgrade procedures and coordinate with JTAC for support."}], "source": {"advisory": "JSA79104", "defect": ["1728816"], "discovery": "INTERNAL"}, "timeline": [{"lang": "en", "time": "2024-04-10T16:00:00.000Z", "value": "Initial Publication"}], "title": "Junos OS Evolved: ACX Series with Paragon Active Assurance Test Agent: A local high privileged attacker can recover other administrators credentials", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>There are no known workarounds for this issue.</p><p>Devices using the following deprecated operational mode command are unaffected:</p><p> <codeph>request services paa install</codeph></p><p>See the Junos OS Evolved Software Installation and Upgrade Guide for the Paragon Active Assurance (PAA) Test Agent installation instructions for further information.</p>"}], "value": "There are no known workarounds for this issue.\n\nDevices using the following deprecated operational mode command are unaffected:\n\n <codeph>request services paa install</codeph>\n\nSee the Junos OS Evolved Software Installation and Upgrade Guide for the Paragon Active Assurance (PAA) Test Agent installation instructions for further information."}], "x_generator": {"engine": "Vulnogram 0.1.0-av217"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-30406", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-12T17:46:38.908028Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T17:22:41.148Z"}}]}}

{"descriptions": [{"lang": "en", "value": "A Cleartext Storage in a File on Disk vulnerability in Juniper Networks Junos OS Evolved ACX Series devices\u00a0using the Paragon Active Assurance Test Agent software installed on network devices allows a local, authenticated attacker with high privileges to read all other users login credentials.\n\nThis issue affects only Juniper Networks Junos OS Evolved ACX Series devices using\u00a0the Paragon Active Assurance Test Agent software installed on these devices from 23.1R1-EVO through 23.2R2-EVO.\u00a0\n\nThis issue does not affect releases before 23.1R1-EVO."}, {"lang": "es", "value": "Una vulnerabilidad de almacenamiento de texto plano en un archivo en disco en dispositivos Juniper Networks Junos OS Evolved ACX Series que utilizan el software Paragon Active Assurance Test Agent instalado en dispositivos de red permite a un atacante local autenticado con altos privilegios leer las credenciales de inicio de sesi\u00f3n de todos los dem\u00e1s usuarios. Este problema afecta solo a los dispositivos Juniper Networks Junos OS Evolved ACX Series que utilizan el software Paragon Active Assurance Test Agent instalado en estos dispositivos desde 23.1R1-EVO hasta 23.2R2-EVO. Este problema no afecta a las versiones anteriores a 23.1R1-EVO."}], "id": "CVE-2024-30406", "lastModified": "2024-05-16T21:16:10.073", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.1, "impactScore": 4.0, "source": "sirt@juniper.net", "type": "Secondary"}]}, "published": "2024-04-12T15:15:25.340", "references": [{"source": "sirt@juniper.net", "url": "https://supportportal.juniper.net/JSA79104"}, {"source": "sirt@juniper.net", "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"}, {"source": "sirt@juniper.net", "url": "https://www.juniper.net/documentation/us/en/software/junos/cli-reference/topics/ref/statement/services-paa-test-agent.html"}, {"source": "sirt@juniper.net", "url": "https://www.juniper.net/documentation/us/en/software/junos/junos-install-upgrade-evo/topics/topic-map/paa-test-agent-install.html"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-313"}], "source": "sirt@juniper.net", "type": "Secondary"}]}