CVE-2018-0039
Contrail Service Orchestration: Hardcoded credentials for Grafana service
Severity Score
9.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Juniper Networks Contrail Service Orchestration releases prior to 4.0.0 have Grafana service enabled by default with hardcoded credentials. These credentials allow network based attackers unauthorized access to information stored in Grafana or exploit other weaknesses or vulnerabilities in Grafana.
Las versiones de Juniper Networks Contrail Service Orchestration anteriores a la 4.0.0 tienen el servicio Grafana habilitado por defecto con credenciales embebidas. Estas credenciales permiten que atacantes en la red accedan de forma no autorizada a la informaciĆ³n almacenada en Grafana.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-11-16 CVE Reserved
- 2018-07-11 CVE Published
- 2023-03-07 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-561: Dead Code
- CWE-798: Use of Hard-coded Credentials
CAPEC
References (1)
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Juniper Search vendor "Juniper" | Contrail Service Orchestration Search vendor "Juniper" for product "Contrail Service Orchestration" | < 4.0.0 Search vendor "Juniper" for product "Contrail Service Orchestration" and version " < 4.0.0" | - |
Affected
|