Vulnerability Details : CVE-2018-0038
Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 have Cassandra service enabled by default with hardcoded credentials. These credentials allow network based attackers unauthorized access to information stored in Cassandra.
Vulnerability category: Bypass
Products affected by CVE-2018-0038
- cpe:2.3:a:juniper:contrail_service_orchestration:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-0038
0.49%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 63 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-0038
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
|
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2018-0038
-
The product contains hard-coded credentials, such as a password or cryptographic key.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-0038
-
https://kb.juniper.net/JSA10872
Juniper Networks - 2018-07 Security Bulletin: Contrail Service Orchestration: Multiple vulnerabilities addressed in 4.0.0Vendor Advisory
Jump to