CVE-2018-0041

CWE-798 — Hard-coded Credentials4 documents4 sources

Severity

9.8CRITICAL

EPSS

0.5%

top 35.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Contrail Service Orchestration Juniper Contrail Service Orchestration

Timeline

PublishedJul 11

Latest updateMay 13

Description

Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 use hardcoded credentials to access Keystone service. These credentials allow network based attackers unauthorized access to information stored in keystone.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5juniper_networks/contrail_service_orchestrationunspecified — 3.3.0

▶NVDjuniper/contrail_service_orchestration< 3.3.0

🔴Vulnerability Details

GHSA

GHSA-2gw3-mxrj-jwhh: Juniper Networks Contrail Service Orchestration releases prior to 3↗2022-05-13

▶

CVEList

Contrail Service Orchestration: Hardcoded credentials for Keystone service.↗2018-07-11

▶

📋Vendor Advisories

Juniper

CVE-2018-0041: Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 use hardcoded credentials to access Keystone service. These credentials allow↗2018-07-11

▶