CVE-2018-0039

CWE-561 CWE-798 — Hard-coded Credentials4 documents4 sources

Severity

9.8CRITICAL

EPSS

0.2%

top 51.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Contrail Service Orchestration Juniper Contrail Service Orchestration

Timeline

PublishedJul 11

Latest updateMay 13

Description

Juniper Networks Contrail Service Orchestration releases prior to 4.0.0 have Grafana service enabled by default with hardcoded credentials. These credentials allow network based attackers unauthorized access to information stored in Grafana or exploit other weaknesses or vulnerabilities in Grafana.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.5

Affected Packages2 packages

▶CVEListV5juniper_networks/contrail_service_orchestrationunspecified — 4.0.0

▶NVDjuniper/contrail_service_orchestration< 4.0.0

🔴Vulnerability Details

GHSA

GHSA-v468-p66w-62gm: Juniper Networks Contrail Service Orchestration releases prior to 4↗2022-05-13

▶

CVEList

Contrail Service Orchestration: Hardcoded credentials for Grafana service↗2018-07-11

▶

📋Vendor Advisories

Juniper

CVE-2018-0039: Juniper Networks Contrail Service Orchestration releases prior to 4.0.0 have Grafana service enabled by default with hardcoded credentials. These cred↗2018-07-11

▶