CVE-2024-30381

CVSS v3 Score
8.4
High

Vulnerability Description

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Juniper Networks Paragon Active Assurance Control Center allows a network-adjacent attacker with root access to a Test Agent Appliance to access sensitive information about downstream devices. The "netrounds-probe-login" daemon (also called probe_serviced) exposes functions through which the Test Agent (TA) Appliance pushes interface state/config, unregisters itself, etc. The remote service accidentally exposes an internal database object that can be used for direct database access on the Paragon Active Assurance Control Center. This issue affects Paragon Active Assurance: 4.1.0, 4.2.0.

CVSS:8.4(High)

HPE UCMDB Browser before 4.02 allows remote attackers to obtain sensitive information or bypass intended access restrictions via unspecified vectors.

CVSS:8.4(High)

kinit in KDE Frameworks before 5.23.0 uses weak permissions (644) for /tmp/xauth-xxx-_y, which allows local users to obtain X11 cookies of other users and consequently capture keystrokes and possibly ...

CVSS:8.4(High)

In systems using the optional capture & replay functionality of SAP HANA, 1.00 and 2.00, (see SAP Note 2362820 for more information about capture & replay), user credentials may be stored in clear tex...

CVSS:8.5(High)

The Data Protection extension in the VMware GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 7.1 before 7.1.4 and ...

CVSS:8.5(High)

eWON devices with firmware before 10.1s0 do not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended worksta...

CVSS:8.5(High)

ownCloud Server before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allow remote authenticated users to obtain sensitive information from a directory listing and possibly cause a denial of servi...