CVE-2018-0040

Summary

Juniper Networks Contrail Service Orchestrator versions prior to 4.0.0 use hardcoded cryptographic certificates and keys in some cases, which may allow network based attackers to gain unauthorized access to services.

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksContrail Service Orchestrationunspecified < 4.0.0affected

Weaknesses

  • CWE-321: CWE-321: Use of Hard-coded Cryptographic Key

Workarounds

Limit access to the CSO environment to only trusted networks and hosts.

ADP Enrichment

CVE Program Container

Additional References

References