Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-0232

An authentication bypass vulnerability in the Juniper Networks Paragon Active Assurance Control Center may allow an attacker with specific information about the deployment to mimic an already registered Test Agent and access its configuration including associated inventory details. If the issue occurs, the affected Test Agent will not be able to connect to the Control Center. This issue affects Juniper Networks Paragon Active Assurance Control Center All versions prior to 2.35.6; 2.36 versions prior to 2.36.2.

Published

2021-04-22T20:15:08.707

Last Modified

2024-11-21T05:42:15.790

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.4 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:N/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

4.9

Weaknesses

Type: Secondary
CWE-284
Type: Primary
CWE-290

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	juniper	paragon_active_assurance_control_center	< 2.35.6	Yes
Application	juniper	paragon_active_assurance_control_center	< 2.36.2	Yes
Operating System	fedoraproject	fedora	35	Yes

References

https://kb.juniper.net/JSA11127 Vendor Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNPCV3KRDI5PLLLKADFVIOHACQJLZMLI/ ([email protected])
https://kb.juniper.net/JSA11127 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNPCV3KRDI5PLLLKADFVIOHACQJLZMLI/ (af854a3a-2127-422b-91ae-364da2661108)