CVE-2022-22229: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Juniper Networks Paragon Active Assurance (Formerly Netrounds)
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability, a stored XSS (or persistent), in the Control Center Controller web pages of Juniper Networks Paragon Active Assurance (Formerly Netrounds) allows a high-privilege attacker with 'WRITE' permissions to store one or more malicious scripts that will infect any other authorized user's account when they accidentally trigger the malicious script(s) while managing the device. Triggering these attacks enables the attacker to execute commands with the permissions up to that of the superuser account. This issue affects: Juniper Networks Paragon Active Assurance (Formerly Netrounds) All versions prior to 3.1.1; 3.2 versions prior to 3.2.1.
AI Analysis
Technical Summary
CVE-2022-22229 is a high-severity stored Cross-Site Scripting (XSS) vulnerability identified in Juniper Networks Paragon Active Assurance (formerly Netrounds), specifically affecting the Control Center Controller web interface. The vulnerability arises from improper neutralization of input during web page generation, classified under CWE-79. An attacker with high privileges—specifically, WRITE permissions—can inject malicious scripts that are persistently stored within the application. When other authorized users access the affected web pages and inadvertently trigger these scripts, the malicious code executes in their browser context. This can lead to command execution with privileges equivalent to a superuser account, effectively allowing the attacker to escalate their control within the system. The vulnerability affects all versions prior to 3.1.1 and 3.2 versions prior to 3.2.1. The CVSS v3.1 base score is 8.4, reflecting a high severity due to network exploitability, low attack complexity, required high privileges, user interaction, and a scope change that impacts confidentiality, integrity, and availability at a high level. No known exploits are currently reported in the wild, but the potential impact is significant given the ability to execute commands with superuser privileges. This vulnerability is particularly critical in environments where multiple administrators or operators access the Control Center Controller, as it enables lateral movement and privilege escalation through trusted user sessions.
Potential Impact
For European organizations using Juniper Networks Paragon Active Assurance, this vulnerability poses a substantial risk. The ability for a high-privilege user to inject persistent malicious scripts can lead to unauthorized command execution, data exfiltration, manipulation of network assurance processes, and potential disruption of critical network services. Given that Paragon Active Assurance is used for network performance monitoring and assurance, exploitation could undermine network reliability and trustworthiness, impacting service delivery and compliance with regulations such as GDPR. The compromise of superuser privileges could also facilitate further attacks within the network infrastructure, potentially affecting sensitive data and critical operational technology. Organizations in sectors such as telecommunications, finance, and critical infrastructure—where Juniper products are prevalent—may face operational disruptions, reputational damage, and regulatory penalties if this vulnerability is exploited.
Mitigation Recommendations
1. Immediate upgrade to Juniper Networks Paragon Active Assurance versions 3.1.1 or later, or 3.2.1 or later, where the vulnerability is patched.
2. Restrict WRITE permissions strictly to trusted administrators and implement role-based access controls to minimize the number of users capable of injecting malicious scripts.
3. Employ web application firewalls (WAFs) with custom rules to detect and block suspicious script injections targeting the Control Center Controller interface.
4. Conduct regular security audits and code reviews focusing on input validation and output encoding in web interfaces.
5. Educate administrators and users about the risks of clicking on unexpected or suspicious links within the management interface to reduce the likelihood of triggering malicious scripts.
6. Monitor logs and network traffic for unusual activities indicative of exploitation attempts, such as unexpected command executions or privilege escalations.
7. Implement multi-factor authentication (MFA) for all administrative access to reduce the risk of compromised credentials being leveraged in attacks.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: juniper
- Date Reserved: 2021-12-21T00:00:00.000Z
- CISA Enriched: true
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 682d9817c4522896dcbd6fd3
Added to database: 5/21/2025, 9:08:39 AM
Last enriched: 7/4/2025, 10:26:39 PM
Last updated: 8/11/2025, 8:22:35 PM