CVE-2018-0039 is a vulnerability in Juniper Networks Contrail Service Orchestration
Published on July 11, 2018
Contrail Service Orchestration: Hardcoded credentials for Grafana service
Juniper Networks Contrail Service Orchestration releases prior to 4.0.0 have Grafana service enabled by default with hardcoded credentials. These credentials allow network based attackers unauthorized access to information stored in Grafana or exploit other weaknesses or vulnerabilities in Grafana.
Weakness Types
Use of Hard-coded Credentials
The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
Dead Code
The software contains dead code, which can never be executed. Dead code is source code that can never be executed in a running program. The surrounding code makes it impossible for a section of code to ever be executed.
Products Associated with CVE-2018-0039
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2018-0039 are published in Juniper Networks Contrail Service Orchestration:
Affected Versions
Juniper Networks Contrail Service Orchestration:- Version unspecified and below 4.0.0 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.