CVE-2024-30381 – This vulnerability allows a network-adjacent at... (How to Fix)

Q: What is the severity of CVE-2024-30381?

CVE-2024-30381 has a CVSS score of 8.4 (HIGH). This vulnerability allows a network-adjacent attacker with root access to a Test Agent Appliance to access sensitive information about downstream devices in Juniper Networks Paragon Active Assurance Control Center. The 'netrounds-probe-login' daemon accidentally exposes an internal database object, enabling direct database access. This affects Paragon Active Assurance versions 4.1.0 and 4.2.0.

📋 TL;DR

This vulnerability allows a network-adjacent attacker with root access to a Test Agent Appliance to access sensitive information about downstream devices in Juniper Networks Paragon Active Assurance Control Center. The 'netrounds-probe-login' daemon accidentally exposes an internal database object, enabling direct database access. This affects Paragon Active Assurance versions 4.1.0 and 4.2.0.

💻 Affected Systems

Products:

Juniper Networks Paragon Active Assurance Control Center

Versions: 4.1.0, 4.2.0

Operating Systems: Not specified - likely appliance-based

Default Config Vulnerable: ⚠️ Yes

Notes: Requires network-adjacent access to Test Agent Appliances with root privileges. The vulnerability is in the 'netrounds-probe-login' daemon (probe_serviced).

📦 What is this software?

Paragon Active Assurance Control Center by Juniper

View all CVEs affecting Paragon Active Assurance Control Center →

Paragon Active Assurance Control Center by Juniper

View all CVEs affecting Paragon Active Assurance Control Center →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the Paragon Active Assurance Control Center database, exposing all sensitive configuration data, credentials, and downstream device information to unauthorized actors.

🟠

Likely Case

Unauthorized access to sensitive network configuration data, interface states, and device information from downstream systems managed by the Control Center.

🟢

If Mitigated

Limited exposure if network segmentation prevents adjacent attackers from reaching Test Agent Appliances and root access is properly controlled.

🌐 Internet-Facing: LOW - The vulnerability requires network-adjacent access to Test Agent Appliances, not direct internet exposure of the Control Center.

🏢 Internal Only: HIGH - Attackers with internal network access and root privileges on Test Agent Appliances can exploit this to access sensitive Control Center data.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires root access to a Test Agent Appliance and network adjacency. The vulnerability exposes database access functionality that could be leveraged by knowledgeable attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Juniper advisory for specific fixed versions

Vendor Advisory: https://supportportal.juniper.net/JSA79173

Restart Required: Yes

Instructions:

1. Review Juniper advisory JSA79173. 2. Apply the recommended patch/update from Juniper. 3. Restart affected services or appliances as directed by Juniper. 4. Verify the fix is applied.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate Test Agent Appliances from untrusted networks and limit access to authorized administrative systems only.

Root Access Control

all

Implement strict controls on root access to Test Agent Appliances and monitor for unauthorized privilege escalation.

🧯 If You Can't Patch

Implement strict network segmentation to isolate Test Agent Appliances from potential attackers
Enhance monitoring and logging of Test Agent Appliance access and database queries

🔍 How to Verify

Check if Vulnerable:

Check Paragon Active Assurance Control Center version. If running 4.1.0 or 4.2.0, the system is vulnerable.

Check Version:

Check appliance web interface or CLI for version information (specific command depends on deployment)

Verify Fix Applied:

Verify the system has been updated to a version not listed in the affected versions (4.1.0, 4.2.0) and check Juniper advisory for confirmation.

📡 Detection & Monitoring

Log Indicators:

Unusual database access patterns from Test Agent Appliances
Unauthorized access attempts to probe_serviced daemon

Network Indicators:

Unexpected database queries originating from Test Agent Appliance network segments

SIEM Query:

Search for: 'probe_serviced' OR 'netrounds-probe-login' with database access patterns from Test Agent IP addresses

📊 Metadata

CVE ID: CVE-2024-30381

CVSS v3 Score: 8.4 (HIGH)

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE: CWE-200

Published: April 12, 2024

Last Updated: January 16, 2026

🔗 References

https://supportportal.juniper.net/JSA79173 Vendor Advisory
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H Vendor Advisory
https://supportportal.juniper.net/JSA79173 Vendor Advisory
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-30381, you might also want to check these: