CVE-2018-0039
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Summary
Juniper Networks Contrail Service Orchestration releases prior to 4.0.0 have Grafana service enabled by default with hardcoded credentials. These credentials allow network based attackers unauthorized access to information stored in Grafana or exploit other weaknesses or vulnerabilities in Grafana.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Juniper Networks | Contrail Service Orchestration | unspecified < 4.0.0 | affected |
Weaknesses
- CWE-798: CWE-798: Use of Hard-coded Credentials
- CWE-561: CWE-561: Dead Code
Workarounds
Limit access to the CSO environment to only trusted networks and hosts. Disable Grafana service as it is not required by CSO.
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.