CVE-2024-30381

Name: CVE-2024-30381
Creator: NVD / NIST
Published: 2024-04-12T15:15:24.547+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8.4/10EPSS 0.46%

Last modified Jun 17, 2026

CVE-2024-30381 is a high-severity vulnerability rated 8.4/10 on the CVSS scale. An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Juniper Networks Paragon Active Assurance Control Center allows a network-adjacent attacker with root access to a Test Agent Appliance the ability to access sensitive information about downstream devices. The "netrounds-probe-login" daemon (also called probe_serviced) exposes functions where the Test Agent (TA) Appliance pushes interface state/config, unregister itself, etc. The remote service accidentally exposes an internal database object that can be used for direct database access on the Paragon Active Assurance Control Center. This issue affects Paragon Active Assurance: 4.1.0, 4.2.0.. EPSS estimates a 0.46% chance of exploitation in the next 30 days.

Description

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Juniper Networks Paragon Active Assurance Control Center allows a network-adjacent attacker with root access to a Test Agent Appliance the ability to access sensitive information about downstream devices. The "netrounds-probe-login" daemon (also called probe_serviced) exposes functions where the Test Agent (TA) Appliance pushes interface state/config, unregister itself, etc. The remote service accidentally exposes an internal database object that can be used for direct database access on the Paragon Active Assurance Control Center. This issue affects Paragon Active Assurance: 4.1.0, 4.2.0.

Metrics

CVSS 3.1

8.4/10

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CVSS 4.0

8.4/10

CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

EPSS Probability

0.46%

36.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-200

Affected Software

Vendor	Product	Versions
Juniper	Paragon Active Assurance Control Center	4.1.0
Juniper	Paragon Active Assurance Control Center	4.2.0

References

https://supportportal.juniper.net/JSA79173Vendor Advisory
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:HVendor Advisory
https://supportportal.juniper.net/JSA79173Vendor Advisory
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:HVendor Advisory

Timeline

Published: Apr 12, 2024
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2024-30381?

How severe is CVE-2024-30381?

CVE-2024-30381 has a CVSS score of 8.4/10 (HIGH severity). The EPSS model estimates a 0.46% probability of exploitation in the next 30 days.

How do I fix CVE-2024-30381?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2024-30381?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST