CVE-2022-22190 is a vulnerability in Juniper Networks Paragon Active Assurance Control Center
Published on April 14, 2022
Paragon Active Assurance Control Center: Information disclosure vulnerability in crafted URL
An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control Center allows an unauthenticated attacker to leverage a crafted URL to generate PDF reports, potentially containing sensitive configuration information. A feature was introduced in version 3.1 of the Paragon Active Assurance Control Center which allows users to selective share account data using a unique identifier. Knowing the proper format of the URL and the identifier of an existing object in an application it is possible to get access to that object without being logged in, even if the object is not shared, resulting in the opportunity for malicious exfiltration of user data. Note that the Paragon Active Assurance Control Center SaaS offering is not affected by this issue. This issue affects Juniper Networks Paragon Active Assurance version 3.1.0.
Vulnerability Analysis
CVE-2022-22190 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Weakness Type
What is an Authorization Vulnerability?
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CVE-2022-22190 has been classified to as an Authorization vulnerability or weakness.
Products Associated with CVE-2022-22190
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2022-22190 are published in Juniper Networks Paragon Active Assurance Control Center:
Affected Versions
Juniper Networks Paragon Active Assurance:- Version 3.1.0 is affected.
- Version unspecified and below 3.1.0 is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.