CVE-2017-10616

Summary

The ifmap service that comes bundled with Juniper Networks Contrail releases uses hard coded credentials. Affected releases are Contrail releases 2.2 prior to 2.21.4; 3.0 prior to 3.0.3.4; 3.1 prior to 3.1.4.0; 3.2 prior to 3.2.5.0. CVE-2017-10616 and CVE-2017-10617 can be chained together and have a combined CVSSv3 score of 5.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N).

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksContrail2.2 < 2.21.4affected
Juniper NetworksContrail3.0 < 3.0.3.4affected
Juniper NetworksContrail3.1 < 3.1.4.0affected
Juniper NetworksContrail3.2 < 3.2.5.0affected

Weaknesses

  • hardcoded credential

Workarounds

The hard coded credentials can be modified manually. It is good security practice to limit the exploitable attack surface of critical infrastructure networking equipment. Use access lists or firewall filters to limit access only from trusted, administrative networks or hosts.

ADP Enrichment

CVE Program Container

Additional References

References