CVE-2021-0232 : An authentication bypass vulnerability in the Juniper Networks Paragon Active As

An authentication bypass vulnerability in the Juniper Networks Paragon Active Assurance Control Center may allow an attacker with specific information about the deployment to mimic an already registered Test Agent and access its configuration including associated inventory details. If the issue occurs, the affected Test Agent will not be able to connect to the Control Center. This issue affects Juniper Networks Paragon Active Assurance Control Center All versions prior to 2.35.6; 2.36 versions prior to 2.36.2.

Published 2021-04-22 20:15:09

Updated 2022-09-20 17:09:18

Source Juniper Networks, Inc.

View at NVD, CVE.org

Vulnerability category: BypassGain privilege

Products affected by CVE-2021-0232

Juniper » Paragon Active Assurance Control Center
Versions from including (>=) 2.36 and before (<) 2.36.2
cpe:2.3:a:juniper:paragon_active_assurance_control_center:*:*:*:*:*:*:*:*
Matching versions
Juniper » Paragon Active Assurance Control Center
Versions before (<) 2.35.6
cpe:2.3:a:juniper:paragon_active_assurance_control_center:*:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 35
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2021-0232

EPSS FAQ

0.12%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 28 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-0232

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:P	8.6	4.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: Partial
7.4	HIGH	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H	2.2	5.2	NIST
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: High
7.4	HIGH	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H	2.2	5.2	Juniper Networks, Inc.
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: High

CWE ids for CVE-2021-0232

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Assigned by: sirt@juniper.net (Secondary)
CWE-290 Authentication Bypass by Spoofing

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2021-0232

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNPCV3KRDI5PLLLKADFVIOHACQJLZMLI/

[SECURITY] Fedora 35 Update: pgbouncer-1.16.1-1.fc35 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory

CVEs referencing this url
https://kb.juniper.net/JSA11127

2021-04 Security Bulletin: Paragon Active Assurance: Authentication bypass vulnerability (CVE-2021-0232) - Juniper Networks
Vendor Advisory

Jump to

Vulnerability Details : CVE-2021-0232

Products affected by CVE-2021-0232

Exploit prediction scoring system (EPSS) score for CVE-2021-0232

CVSS scores for CVE-2021-0232

CWE ids for CVE-2021-0232

References for CVE-2021-0232