| Vulnerability Name: | CVE-2018-0039 (CCN-146307) |
| Assigned: | 2017-11-16 |
| Published: | 2018-07-11 |
| Updated: | 2019-10-09 |
| Summary: | Juniper Networks Contrail Service Orchestration releases prior to 4.0.0 have the Grafana service enabled by default with hardcoded credentials. These credentials allow network-based attackers to gain unauthorized access to information stored in Grafana or to exploit other weaknesses or vulnerabilities in Grafana. |
| CVSS v3 Severity: | 9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H); 8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C); 5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C) |
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P) |
| Vulnerability Type: | CWE-798 |
| Vulnerability Consequences: | Gain Access |
| References: | Source: MITRE, Type: CNA, CVE-2018-0039; Source: XF, Type: UNKNOWN, juniper-contrail-cve20180039-default-account(146307); Source: CCN, Type: Juniper Networks Security Bulletin JSA10872, Contrail Service Orchestration: Multiple vulnerabilities addressed in 4.0.0; Source: CONFIRM, Type: Vendor Advisory, https://kb.juniper.net/JSA10872 |
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable |