Juniper Paragon Active Assurance Control Center 2.36

CPE Details

Juniper Paragon Active Assurance Control Center 2.36
juniper
paragon_active_assurance_control_center
2.36
2021-04-26
16h55 +00:00
2021-05-19
10h10 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:juniper:paragon_active_assurance_control_center:2.36:*:*:*:*:*:*:*

Informations

Vendor

juniper

Product

paragon_active_assurance_control_center

Version

2.36

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-22229 2022-10-18 02h46 +00:00 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability, a stored XSS (or persistent), in the Control Center Controller web pages of Juniper Networks Paragon Active Assurance (Formerly Netrounds) allows a high-privilege attacker with 'WRITE' permissions to store one or more malicious scripts that will infect any other authorized user's account when they accidentally trigger the malicious script(s) while managing the device. Triggering these attacks enables the attacker to execute commands with the permissions up to that of the superuser account. This issue affects: Juniper Networks Paragon Active Assurance (Formerly Netrounds) All versions prior to 3.1.1; 3.2 versions prior to 3.2.1.
8.4
High
CVE-2021-0232 2021-04-22 19h37 +00:00 An authentication bypass vulnerability in the Juniper Networks Paragon Active Assurance Control Center may allow an attacker with specific information about the deployment to mimic an already registered Test Agent and access its configuration including associated inventory details. If the issue occurs, the affected Test Agent will not be able to connect to the Control Center. This issue affects Juniper Networks Paragon Active Assurance Control Center All versions prior to 2.35.6; 2.36 versions prior to 2.36.2.
7.4
High
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.