Cleartext storage of sensitive information in Junos OS Evolved - CVE-2024-30406

 


Published: April 10, 2024


Vulnerability identifier: #VU88442
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-30406
CWE-ID: CWE-312
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software: Junos OS Evolved
Software vendor: Juniper Networks, Inc.

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists because the Paragon Active Assurance Test Agent software installed on ACX Series devices stores user credentials in clear text. A local privileged user can read the file and obtain the credentials of other users.


Remediation

Install updates from the vendor's website.

External links