CVE-2018-0039 is a vulnerability in Juniper Networks Contrail Service Orchestration
Published on July 11, 2018
Contrail Service Orchestration: Hardcoded credentials for Grafana service
Juniper Networks Contrail Service Orchestration releases prior to 4.0.0 have Grafana service enabled by default with hardcoded credentials. These credentials allow network based attackers unauthorized access to information stored in Grafana or exploit other weaknesses or vulnerabilities in Grafana.
Weakness Types
Use of Hard-coded Credentials
The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
Dead Code
The software contains dead code, which can never be executed. Dead code is source code that can never be executed in a running program. The surrounding code makes it impossible for a section of code to ever be executed.
Products Associated with CVE-2018-0039
Want to know whenever a new CVE is published for Juniper Networks Contrail Service Orchestration? stack.watch will email you.
Affected Versions
Juniper Networks Contrail Service Orchestration:- Version unspecified and below 4.0.0 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.