CVE-2022-22229

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability, a stored XSS (or persistent), in the Control Center Controller web pages of Juniper Networks Paragon Active Assurance (Formerly Netrounds) allows a high-privilege attacker with 'WRITE' permissions to store one or more malicious scripts that will infect any other authorized user's account when they accidentally trigger the malicious script(s) while managing the device. Triggering these attacks enables the attacker to execute commands with the permissions up to that of the superuser account. This issue affects: Juniper Networks Paragon Active Assurance (Formerly Netrounds) All versions prior to 3.1.1; 3.2 versions prior to 3.2.1.

CVSS v3.0 8.4 HIGH

8.4^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.7 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://kb.juniper.net/JSA69883	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:juniper:paragon_active_assurance_control_center:3.2.0:::::::*
	cpe:2.3:a:juniper:paragon_active_assurance_control_center::::::::

Information

Published : 2022-10-17 20:15

Updated : 2022-10-20 07:49

NVD link : CVE-2022-22229

Mitre link : CVE-2022-22229

JSON object : View

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Products Affected

juniper

paragon_active_assurance_control_center

8.4 /10