CVE-2018-0038

CWE-798 — Hard-coded Credentials4 documents4 sources

Severity

9.8CRITICAL

EPSS

0.5%

top 35.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Contrail Service Orchestration

Timeline

PublishedJul 11

Latest updateMay 14

Description

Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 have Cassandra service enabled by default with hardcoded credentials. These credentials allow network based attackers unauthorized access to information stored in Cassandra.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDjuniper/contrail_service_orchestration< 3.3.0

🔴Vulnerability Details

GHSA

GHSA-fhqp-r39f-9w65: Juniper Networks Contrail Service Orchestration releases prior to 3↗2022-05-14

▶

CVEList

CVE-2018-0038: Juniper Networks Contrail Service Orchestration releases prior to 3↗2018-07-11

▶

📋Vendor Advisories

Juniper

CVE-2018-0038: Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 have Cassandra service enabled by default with hardcoded credentials. These cr↗2018-07-11

▶