CVE-2024-30406

Name: CVE-2024-30406
Creator: NVD / NIST
Published: 2024-04-12T15:15:25.34+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 6.7/10EPSS 0.14%

Last modified Jun 17, 2026

CVE-2024-30406 is a medium-severity vulnerability rated 6.7/10 on the CVSS scale. A Cleartext Storage in a File on Disk vulnerability in Juniper Networks Junos OS Evolved ACX Series devices using the Paragon Active Assurance Test Agent software installed on network devices allows a local, authenticated attacker with high privileges to read all other users login credentials. This issue affects only Juniper Networks Junos OS Evolved ACX Series devices using the Paragon Active Assurance Test Agent software installed on these devices from 23.1R1-EVO through 23.2R2-EVO. This issue does not affect releases before 23.1R1-EVO.. EPSS estimates a 0.14% chance of exploitation in the next 30 days.

Description

A Cleartext Storage in a File on Disk vulnerability in Juniper Networks Junos OS Evolved ACX Series devices using the Paragon Active Assurance Test Agent software installed on network devices allows a local, authenticated attacker with high privileges to read all other users login credentials. This issue affects only Juniper Networks Junos OS Evolved ACX Series devices using the Paragon Active Assurance Test Agent software installed on these devices from 23.1R1-EVO through 23.2R2-EVO. This issue does not affect releases before 23.1R1-EVO.

Metrics

CVSS 3.1

5.5/10

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N

CVSS 4.0

6.7/10

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

EPSS Probability

0.14%

3.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-313

Affected Software

Vendor	Product	Versions
Juniper	Paragon Active Assurance Test Agent	All versions
Juniper	Junos Os Evolved	23.1
Juniper	Junos Os Evolved	23.2

References

https://supportportal.juniper.net/JSA79104Vendor Advisory
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:NVendor Advisory
https://www.juniper.net/documentation/us/en/software/junos/cli-reference/topics/ref/statement/services-paa-test-agent.htmlTechnical Description
https://www.juniper.net/documentation/us/en/software/junos/junos-install-upgrade-evo/topics/topic-map/paa-test-agent-install.htmlThird Party Advisory
https://supportportal.juniper.net/JSA79104Vendor Advisory
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:NVendor Advisory
https://www.juniper.net/documentation/us/en/software/junos/cli-reference/topics/ref/statement/services-paa-test-agent.htmlTechnical Description
https://www.juniper.net/documentation/us/en/software/junos/junos-install-upgrade-evo/topics/topic-map/paa-test-agent-install.htmlThird Party Advisory

Timeline

Published: Apr 12, 2024
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2024-30406?

How severe is CVE-2024-30406?

CVE-2024-30406 has a CVSS score of 6.7/10 (MEDIUM severity). The EPSS model estimates a 0.14% probability of exploitation in the next 30 days.

How do I fix CVE-2024-30406?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2024-30406?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST