CVE-2018-0041

Summary

Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 use hardcoded credentials to access Keystone service. These credentials allow network based attackers unauthorized access to information stored in keystone.

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksContrail Service Orchestrationunspecified < 3.3.0affected

Weaknesses

  • CWE-798: CWE-798: Use of Hard-coded Credentials.

Workarounds

Limit access to the CSO environment to only trusted networks and hosts.

ADP Enrichment

CVE Program Container

Additional References

References