CVE-2018-0039

Summary

Juniper Networks Contrail Service Orchestration releases prior to 4.0.0 have Grafana service enabled by default with hardcoded credentials. These credentials allow network based attackers unauthorized access to information stored in Grafana or exploit other weaknesses or vulnerabilities in Grafana.

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksContrail Service Orchestrationunspecified < 4.0.0affected

Weaknesses

  • CWE-798: CWE-798: Use of Hard-coded Credentials
  • CWE-561: CWE-561: Dead Code

Workarounds

Limit access to the CSO environment to only trusted networks and hosts. Disable Grafana service as it is not required by CSO.

ADP Enrichment

CVE Program Container

Additional References

References