Vulnerability Details : CVE-2018-0039
Juniper Networks Contrail Service Orchestration releases prior to 4.0.0 have Grafana service enabled by default with hardcoded credentials. These credentials allow network based attackers unauthorized access to information stored in Grafana or exploit other weaknesses or vulnerabilities in Grafana.
Vulnerability category: Bypass
Products affected by CVE-2018-0039
- cpe:2.3:a:juniper:contrail_service_orchestration:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-0039
0.22%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 60 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-0039
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST | |
6.5
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
3.9
|
2.5
|
Juniper Networks, Inc. |
CWE ids for CVE-2018-0039
-
The product contains dead code, which can never be executed.Assigned by: sirt@juniper.net (Secondary)
-
The product contains hard-coded credentials, such as a password or cryptographic key.Assigned by:
- nvd@nist.gov (Primary)
- sirt@juniper.net (Secondary)
References for CVE-2018-0039
-
https://kb.juniper.net/JSA10872
Juniper Networks - 2018-07 Security Bulletin: Contrail Service Orchestration: Multiple vulnerabilities addressed in 4.0.0Vendor Advisory
Jump to