CVE-2024-21589

7.4 HIGH

📋 TL;DR

An unauthenticated attacker can access sensitive reports in Juniper Networks Paragon Active Assurance Control Center without logging in, potentially exposing configuration data. This affects on-premises versions 3.1.0 through 3.4.0, but not SaaS deployments or versions before 3.1.0.

💻 Affected Systems

Products:
  • Juniper Networks Paragon Active Assurance Control Center
Versions: 3.1.0, 3.2.0, 3.2.2, 3.3.0, 3.3.1, 3.4.0
Operating Systems: Not specified - likely various Linux distributions
Default Config Vulnerable: ⚠️ Yes
Notes: SaaS offering is NOT affected. Versions earlier than 3.1.0 are NOT affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete exfiltration of sensitive network configuration data, credentials, and operational reports leading to network compromise.

🟠 Likely Case: Unauthorized access to configuration reports containing network topology, device information, and potentially credentials.

🟢 If Mitigated: Limited exposure if proper network segmentation and access controls prevent external access to the Control Center.

🌐 Internet-Facing: HIGH - Unauthenticated access from internet-facing systems would expose sensitive data.
🏢 Internal Only: MEDIUM - Internal attackers could still access sensitive reports without authentication.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network access to the Control Center but no authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific fixed versions

Vendor Advisory: https://supportportal.juniper.net/JSA75727

Restart Required: Yes

Instructions:

1. Review the JSA75727 advisory.
2. Apply the vendor-recommended patches.
3. Restart the affected services.
4. Verify that the fix has been applied.

🔧 Temporary Workarounds

Network Access Restriction

Restrict network access to the Paragon Active Assurance Control Center to trusted IPs only. Replace <control_center_port> with the port the Control Center listens on and <trusted_ip> with a trusted source address; repeat the ACCEPT rule for each trusted source, and keep every ACCEPT rule ahead of the final DROP so it is matched first:

iptables -A INPUT -p tcp --dport <control_center_port> -s <trusted_ip> -j ACCEPT
iptables -A INPUT -p tcp --dport <control_center_port> -j DROP

🧯 If You Can't Patch

  • Isolate the Control Center behind a firewall with strict IP-based access controls
  • Implement network segmentation to prevent unauthorized access to the Control Center subnet

🔍 How to Verify

Check if Vulnerable:

Check if Paragon Active Assurance Control Center version is 3.1.0, 3.2.0, 3.2.2, 3.3.0, 3.3.1, or 3.4.0

Check Version:

Check web interface or system documentation for version information

Verify Fix Applied:

Verify version is updated to vendor-recommended patched version and test unauthenticated report access is blocked

📡 Detection & Monitoring

Log Indicators:

  • Unauthenticated access to report endpoints
  • Failed authentication attempts followed by successful report access

Network Indicators:

  • Unusual report download patterns from unauthenticated IPs
  • External IPs accessing report endpoints without authentication

SIEM Query:

source="paragon_logs" AND (url="*/reports/*" OR url="*/api/reports*") AND auth_status="unauthenticated"
