CVE-2018-0040

CWE-321 CWE-798 — Hard-coded Credentials4 documents4 sources

Severity

9.8CRITICAL

EPSS

0.2%

top 62.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Contrail Service Orchestration Juniper Contrail Service Orchestration

Timeline

PublishedJul 11

Latest updateMay 13

Description

Juniper Networks Contrail Service Orchestrator versions prior to 4.0.0 use hardcoded cryptographic certificates and keys in some cases, which may allow network based attackers to gain unauthorized access to services.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5juniper_networks/contrail_service_orchestrationunspecified — 4.0.0

▶NVDjuniper/contrail_service_orchestration< 4.0.0

🔴Vulnerability Details

GHSA

GHSA-54pf-77jh-g9mf: Juniper Networks Contrail Service Orchestrator versions prior to 4↗2022-05-13

▶

CVEList

Contrail Service Orchestration: hardcoded cryptographic certificates and keys↗2018-07-11

▶

📋Vendor Advisories

Juniper

CVE-2018-0040: Juniper Networks Contrail Service Orchestrator versions prior to 4.0.0 use hardcoded cryptographic certificates and keys in some cases, which may allo↗2018-07-11

▶