mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
160 lines
8.1 KiB
JSON
160 lines
8.1 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2024-30406",
|
|
"ASSIGNER": "sirt@juniper.net",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "A Cleartext Storage in a File on Disk vulnerability in Juniper Networks Junos OS Evolved ACX Series devices\u00a0using the Paragon Active Assurance Test Agent software installed on network devices allows a local, authenticated attacker with high privileges to read all other users login credentials.\n\nThis issue affects only Juniper Networks Junos OS Evolved ACX Series devices using\u00a0the Paragon Active Assurance Test Agent software installed on these devices from 23.1R1-EVO through 23.2R2-EVO.\u00a0\n\nThis issue does not affect releases before 23.1R1-EVO."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-313: Cleartext Storage in a File or on Disk",
|
|
"cweId": "CWE-313"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "Juniper Networks",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Junos OS Evolved",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "<=",
|
|
"version_name": "23.1R1-EVO",
|
|
"version_value": "23.2R2-EVO"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://supportportal.juniper.net/JSA79104",
|
|
"refsource": "MISC",
|
|
"name": "https://supportportal.juniper.net/JSA79104"
|
|
},
|
|
{
|
|
"url": "https://www.juniper.net/documentation/us/en/software/junos/junos-install-upgrade-evo/topics/topic-map/paa-test-agent-install.html",
|
|
"refsource": "MISC",
|
|
"name": "https://www.juniper.net/documentation/us/en/software/junos/junos-install-upgrade-evo/topics/topic-map/paa-test-agent-install.html"
|
|
},
|
|
{
|
|
"url": "https://www.juniper.net/documentation/us/en/software/junos/cli-reference/topics/ref/statement/services-paa-test-agent.html",
|
|
"refsource": "MISC",
|
|
"name": "https://www.juniper.net/documentation/us/en/software/junos/cli-reference/topics/ref/statement/services-paa-test-agent.html"
|
|
},
|
|
{
|
|
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
|
|
"refsource": "MISC",
|
|
"name": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"
|
|
}
|
|
]
|
|
},
|
|
"generator": {
|
|
"engine": "Vulnogram 0.1.0-av217"
|
|
},
|
|
"source": {
|
|
"advisory": "JSA79104",
|
|
"defect": [
|
|
"1728816"
|
|
],
|
|
"discovery": "INTERNAL"
|
|
},
|
|
"configuration": [
|
|
{
|
|
"lang": "en",
|
|
"supportingMedia": [
|
|
{
|
|
"base64": false,
|
|
"type": "text/html",
|
|
"value": "<tt>Potentially affected devices are those which use the following configuration statement:<br><br> <codeph>test-agent</codeph><br></tt><br>Located at the hierarchy level:<br> <br> <codeph>[edit services pas]</codeph><br><br>Therefore verify that the following minimal configuration statement in the Junos device exists:<br> [services pas]<br><br>And verify that the agent is running on the device. <br><br>"
|
|
}
|
|
],
|
|
"value": "Potentially affected devices are those which use the following configuration statement:\n\n\u00a0 <codeph>test-agent</codeph>\n\nLocated at the hierarchy level:\n\u00a0\u00a0\n\u00a0 <codeph>[edit services pas]</codeph>\n\nTherefore verify that the following minimal configuration statement in the Junos device exists:\n\u00a0 [services pas]\n\nAnd verify that the agent is running on the device."
|
|
}
|
|
],
|
|
"work_around": [
|
|
{
|
|
"lang": "en",
|
|
"supportingMedia": [
|
|
{
|
|
"base64": false,
|
|
"type": "text/html",
|
|
"value": "<p>There are no known workarounds for this issue.</p><p>Devices using the following deprecated operational mode command are unaffected:</p><p> <codeph>request services paa install</codeph></p><p>See the Junos OS Evolved Software Installation and Upgrade Guide for the Paragon Active Assurance (PAA) Test Agent installation instructions for further information.</p>"
|
|
}
|
|
],
|
|
"value": "There are no known workarounds for this issue.\n\nDevices using the following deprecated operational mode command are unaffected:\n\n <codeph>request services paa install</codeph>\n\nSee the Junos OS Evolved Software Installation and Upgrade Guide for the Paragon Active Assurance (PAA) Test Agent installation instructions for further information."
|
|
}
|
|
],
|
|
"exploit": [
|
|
{
|
|
"lang": "en",
|
|
"supportingMedia": [
|
|
{
|
|
"base64": false,
|
|
"type": "text/html",
|
|
"value": "<p>Juniper SIRT is not aware of any malicious exploitation of this vulnerability.</p>"
|
|
}
|
|
],
|
|
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
|
|
}
|
|
],
|
|
"solution": [
|
|
{
|
|
"lang": "en",
|
|
"supportingMedia": [
|
|
{
|
|
"base64": false,
|
|
"type": "text/html",
|
|
"value": "<p>The following software releases have been updated to resolve this specific issue: </p><p>Junos OS Evolved: 23.2R2-EVO, 23.3R1-EVO, and all subsequent releases.</p><p><span style=\"background-color: rgb(255, 255, 255);\">Note: Before you upgrade the system software from Junos OS Evolved Release 23.2R1 to a later release, you must uninstall the test agent using the </span><code>request services paa uninstall</code><span style=\"background-color: rgb(255, 255, 255);\"> command. See the product documentation for upgrade procedures and coordinate with JTAC for support.</span></p>"
|
|
}
|
|
],
|
|
"value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS Evolved: 23.2R2-EVO, 23.3R1-EVO, and all subsequent releases.\n\nNote: Before you upgrade the system software from Junos OS Evolved Release 23.2R1 to a later release, you must uninstall the test agent using the request services paa uninstall\u00a0command. See the product documentation for upgrade procedures and coordinate with JTAC for support."
|
|
}
|
|
],
|
|
"impact": {
|
|
"cvss": [
|
|
{
|
|
"attackComplexity": "LOW",
|
|
"attackVector": "LOCAL",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 5.5,
|
|
"baseSeverity": "MEDIUM",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "NONE",
|
|
"privilegesRequired": "HIGH",
|
|
"scope": "CHANGED",
|
|
"userInteraction": "REQUIRED",
|
|
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N",
|
|
"version": "3.1"
|
|
}
|
|
]
|
|
}
|
|
} |